Attackers exploit your vulnerabilities. Penetration testing allows you to find those vulnerabilities first.

Penetration testing requires experts with skill and experience. Division Zero provides experienced information security consultants to discover security holes before they are discovered by attackers. Whether it is an evaluation of a single system or a complex web application, our information security consultants will deliver an easy-to-comprehend view of your specific risks.

A penetration test is an effective way to detect the following types of vulnerabilities:

Software Vulnerabilities

Infrastructure and Application Misconfigurations

Weak Authentication and Authorisation Controls

Insecure Code

Application Penetration Testing

Web Applications

A Division Zero Consultant will assume the role of an external threat attacking your web application or web services (API). The purpose of this assessment is to discover common application vulnerabilities including insecure code use, broken access and authorization controls, poor input validation, improper error handling and common misconfigurations.

Our penetration test methodology is consistent with the Open Web Application Security Project (OWASP) web security testing guide.

Mobile Applications

A Division Zero Consultant will assess your Android or iOS mobile application for security weaknesses. This assessment is similar to a web application penetration test, with additional mobile-specific security tests as described in the OWASP Mobile Security Testing Guide (MSTG).

Our mobile application penetration test approach is based on the OWASP mobile security testing guide. We recommend performing authenticated testing to ensure test coverage of all application features.

Network Penetration Testing

External Network

A Division Zero Consultant will assume the role of a remote attacker and assess your external network perimeter and internet-exposed systems.

The Division Zero network penetration test approach is based on the Open Source Security Testing Methodology Manual (OSSTMM).

Internal Network

We assume the role of an unauthenticated attacker with physical or logical access to the internal corporate network. During an internal network penetration test, we identify and exploit vulnerabilities affecting your workstations, servers and network devices. Our goal is to obtain administrative (privileged) access and assess whether the team defending the network has the ability to detect and stop the intrusion.

The technical report includes realistic attack scenarios incorporating the identified vulnerabilities, to demonstrate how an attacker could take over your network.

Social Engineering

Phishing attacks are favored by attackers due to their high success rate. Division Zero offers custom email and voice phishing campaigns, which are designed to evaluate your staff’s level of security awareness and ability to detect and report social engineering attacks.

Select one of our pre-scripted phishing campaigns, or work with the Division Zero Consultant to dispatch a convincing phishing email to your staff. User actions are recorded and documented to demonstrate how your staff respond to the malicious mail. You will learn how many staff click the link, download the suspicious attachment or reveal their username and password.

After the exercise is complete, Division Zero can work with your internal team to incorporate the findings into your internal security awareness campaign strategy. The deliverable is a report containing an executive summary and the metrics from the exercise such as how many users clicked links, opened attachments, or revealed credentials.

Persistent Attack Testing

The Division Zero team will perform an ongoing assessment of an organization's internet-exposed systems and online presence by mimicking the behavior, tactics, and techniques of a persistent attacker. Just like a persistent attacker, we first discover and record every detail of your organization’s online presence using advanced open source intelligence (OSINT) techniques. We then perform an initial assessment to record system information and identify vulnerabilities. The discovery and identification process is then repeated over several weeks to 1) track changes to your environment which may introduce known vulnerabilities and 2) identify susceptibility to newly discovered vulnerabilities.

Ready to get started?

Connect with Division Zero