Are you protecting your stakeholders?

Financial fraud, denial of service, malware, espionage, phishing, identity fraud and spam are some of the threats your business may face. Are your security controls operating effectively to manage the risks that these threats pose?

Our services are offered in two forms, overt and covert:

Overt Tests

An overt test is where the penetration test team and the customer's employees co-operate fully in the test. The penetration test team will learn the full environment from the IPs provided and will formulate tests accordingly. This ensures that all possible routes of entry into the company's systems are identified and tested.

Covert Tests

A covert test is where the existence of the test is known only to the penetration test team and key customer employees. The penetration test team will approach the customer network as would any external hacker or disgruntled employee, and will have no prior knowledge of the customer environment. This allows security to be tested the way a real hacker would test it, and also tests the customer's security detection and response capabilities. (Out-of-hours testing is recommended.)

What is penetration testing?

Penetration testing services (also known as security health checks, vulnerability assessments or security audits) are designed to identify vulnerabilities and threats within the security perimeter of an organisation’s networks, information and communication services and applications, to prevent the threat of external attacks.

The value of penetration testing

We provide evidence of any system weakness and the extent to which it may be possible for unauthorised personnel to gain access to, and/or even misuse, information assets from a system’s boundary. Regular, unbiased penetration testing can assist in focusing security resources where they are needed most and provide a baseline for remedial action, so that the information protection strategy is continually assured.

BSS's penetration testing services

BSS provides a comprehensive and independent penetration testing service, using a team of experienced and UK Government-accredited CLAS and CHECK penetration testers. BSS experts continuously update their knowledge of the latest security vulnerabilities to ensure their advice is as current as possible. The scope of services includes:

  • CESG (CHECK) IT Health Checks – providing public sector clients with thorough and comprehensive penetration testing plans to UK Government accredited standards.
  • Embedded System Testing (inc. SCADA) – conducting security studies and examining architecture to meet the security challenges associated with autonomous embedded systems.
  • Intrusion Detection/Prevention System Testing (IDS/IPS) – providing operators with the opportunity to observe and understand the characteristics of hostile attacks within a controlled security assessment.
  • Mobile Device Testing – reducing risk and identifying threats affecting the confidentiality, integrity and availability of corporate data on mobile devices.
  • Network Infrastructure Testing – employing the appropriate tools and technologies to assess the level of network security required by the most complex of infrastructures.
  • Open Source Research – analysing an organisation’s presence on the Internet to create a comprehensive profile of its online security posture.
  • Remote Access Testing – identifying and preparing for the range of threats presented by traditional telephony systems as well as digital and IP networks.
  • Source Code and Binary Review – reviewing software coding in order to identify possible issues of poor programming practices and resulting vulnerabilities.
  • Standards and Compliance Review – assessing compliance of the target system or design to industrial, governmental or regulatory policies, procedures and standards.
  • Voice over IP (VoIP) Testing – considering the most appropriate approach to a deployed VoIP solution based on the business need, chosen architecture, and security environment.
  • Web Application Testing – understanding the inherent security threats of web applications, identifying weaknesses, and developing the appropriate security plans and policies.
  • Wireless Testing (WiFi) – determining the risks associated with incorrect WiFi configurations or unauthorised devices, and making recommendations for planned infrastructure.
  • Workstation and Laptop Testing – identifying the risks of authorised and unauthorised users attacking systems to gain access to data or privileges for which they are not authorised.
