Penetration Testing and Vulnerability Scan Services 2020-01-31T17:23:40+00:00

The threat of cyber-attacks has led to an increase in the proactive identification of potential vulnerabilities, which can be achieved with simulated and controlled security evaluations of technology solutions. Escrow London provides a comprehensive range of cyber-security services to identify and evaluate potential vulnerabilities, covering root cause analysis and mitigation control. Our in-depth assessments help improve the organisational security posture and prioritise the implementation of security controls based on a simulated attack.

Penetration testing is the process of conducting a simulated attack on IT infrastructure to determine any weaknesses using the methodologies, techniques and tools that provide the best representation of what a real-world malicious attacker would do.

Escrow London’s process for application and network layer testing is closely aligned with OWASP (Open Web Application Security Project) guidelines and typically includes:

  • Gathering information about the target:
    • Enumeration of applications and underlying infrastructure
    • Map entry points and execution paths through the application
    • Network and infrastructure configuration
    • Test HTTP methods
    • Test SSL configuration
  • Threat Analysis
    • Identity management
      • Role definitions
      • Registration process
      • Account provisioning process
    • Authentication and authorisation testing
      • Credentials transport
      • Lockout mechanism
      • Bypassing authentication schema
      • Privilege escalation
    • Session management
      • Cookie attributes
      • Cross-Site Request Forgery (CSRF)
      • Timeout
    • Input Validation
      • Cross Site Scripting (Stored and Reflected)
      • SQL / XML / command injection
      • Format string
      • Various buffer overflows
      • Error handling
    • Client Side
      • Resource manipulation
      • Cross origin resource sharing
      • Local storage
    • Cryptography
      • Weak SSL/TLS ciphers
      • Sensitive info over unencrypted channels
  • Business logic testing (white box and code review only)
    • Business data validation
    • Integrity checks
    • Process timing
    • Workflows
    • Application misuse
  • API testing
    • User authentication
    • Data exposure
    • Rate limitation / resource management
    • Function level authorisation
    • Injection
  • Identifying and prioritising vulnerabilities on agreed IP addresses
  • Exploiting identified vulnerabilities to determine the risk level
  • Providing executive level reporting and actionable remediation strategies

Escrow London believes that any findings should be supported by clear evidence and explanations (attack narrative). This methodology allows clients to replicate the results if needed (proof-of-concept).

DEFINITIONS OF RISK RATINGS

Escrow London have adopted the Common Vulnerability Scoring System (CVSS) version 3, which is a vendor independent industry standard. It is designed to assign vulnerability severity and help determine priority of response.

Please note, the results and their severity are reported from a technical exploitation perspective and may not reflect the overall business risk management within the organisation.

| Severity | Base Score Range | Examples |
|----------|------------------|----------|
| None     | 0.0              |          |
| Low      | 0.1-3.9          | Information can be obtained by hackers on configuration |
| Medium   | 4.0-6.9          | Sensitive information can be obtained by hackers on configuration |
| High     | 7.0-8.9          | Trojan horses, Remote command execution, File read exploit, directory browsing and Denial of Service (DoS) where command execution is possible |
| Critical | 9.0-10.0         | System is accessible by unauthorised users, default passwords |
