Understanding where your vulnerabilities lie is a critical step to protecting your organization from attack.

Division Zero offer a wide range of penetration testing activities which determine how effectively an organization's security controls defend against skilled hackers in real-world situations. Our tailored penetration testing services will arm you with everything you need to know when it comes to securing your network, systems or applications. Get a true sense of your risk exposure by undergoing a penetration test to identify your weaknesses before an attacker does.

A penetration test is an effective way to detect the following types of vulnerabilities:

Software Vulnerabilities

Infrastructure and Application Misconfigurations

Weak Authentication and Authorisation Controls

Insecure Code

Network Penetration Testing

External Network

A Division Zero Consultant will assume the role of an internet-based attacker and perform a penetration test of your external network boundary and internet-exposed systems. An external network penetration test will identify and confirm vulnerabilities affecting systems and applications which could be exploited by an attacker to cause harm to your business.

The Division Zero network penetration test approach is based on the Open Source Security Testing Methodology Manual (OSSTMM).

Internal Network

We assume the role of an unauthenticated attacker with physical or logical access to the internal corporate network. During an internal network penetration test we identify and exploit vulnerabilities affecting your workstations, servers and network devices. Our goal is to obtain administrative (privileged) access and assess if the team defending the network have the ability to detect and stop the intrusion.

The technical report includes realistic attack scenarios incorporating the identified vulnerabilities, to demonstrate how an attacker could take over your network.

Application Penetration Testing

Web Applications

A Division Zero Consultant will assume the role of an external attacker and perform a penetration test of your web application or web services (API). Our goal is to detect web application security vulnerabilities such as insecure code usage, broken access and authorization controls, poor input validation and misconfiguration of underlying infrastructure.

Our web application penetration test approach is based on the Open Web Application Security Project (OWASP) testing guide. Authenticated testing is recommended to ensure complete coverage.

Mobile Applications

A Division Zero Consultant will assess your Android or iOS mobile application for security vulnerabilities such as those in the OWASP Top 10. Similar to a web application penetration test, a mobile app penetration test is an evaluation of both the application user interface and application functionality. The engagement includes evaluation for Android/iOS-specific vulnerabilities and mobile device configuration issues.

Our mobile application penetration test approach is based on the OWASP testing guide. Authenticated testing is recommended to ensure coverage of all application features.

Social Engineering

Phishing attacks are favored by attackers due to their high success rate. Division Zero offer custom email and voice phishing campaigns which are designed to evaluate your staff’s level of security awareness and ability to detect and report social engineering attacks.

Select one of our pre-scripted phishing campaigns, or work with the Division Zero Consultant to dispatch a convincing phishing email to your staff. User actions are recorded and documented to demonstrate how your staff respond to the malicious mail. You will learn how many staff click the link, download the suspicious attachment or reveal their username and password.

After the exercise is complete, Division Zero can work with your internal team to incorporate the findings into your internal security awareness campaign strategy. The deliverable is a report containing an executive summary and the metrics from the exercise such as how many users clicked links, opened attachments, or revealed credentials.

Persistent Attack Testing

The Division Zero team will perform an ongoing assessment of an organization's internet-exposed systems and online presence by mimicking the behavior, tactics, and techniques of a persistent attacker. Just like a persistent attacker, we first discover and record every detail of your organization’s online presence using advanced open source intelligence (OSINT) techniques. We then perform an initial assessment to record system information and identify vulnerabilities. The discovery and identification process is then repeated over several weeks to 1) track changes to your environment which may introduce known vulnerabilities and 2) identify susceptibility to newly discovered vulnerabilities.

Ready to see if you're secure from persistent threats?

Connect with Division Zero