Penetration Testing

Penetration Testing Service

brandsec provides an end-to-end Penetration Testing service to assess the IT assets of our clients, including firewalls, routers, VPN, IDS/IPS, Web servers, Application servers, Database servers, etc. Our Penetration Testing service provides insight into the organisation’s current state of security, discovers possible ways to penetrate it, and tests the effectiveness of security countermeasures. We perform our Penetration Testing in two formats:

  • External Basic Penetration Testing: Performed remotely with no internal access provided to our security experts. The goal is to identify and classify the weaknesses and penetrate the internet-facing IT assets of an organization such as Web Servers, Network Gateways, VPN, E-mail Servers, and Firewalls.
  • Internal Basic Penetration Testing: Performed from within the premises of the target organization, usually to identify and classify threats and vulnerabilities in the internal network posed by someone who already has access to the organization’s network, such as an employee, contractor, or guest. It also helps an organization determine its compliance with global or local policies, standards and procedures in terms of information security, data protection and network segmentation.

In addition to listing all individual vulnerabilities in every IT asset, our approach is to find the systematic issues in the organisation that led to these issues. We often use a sampling methodology in our approach to focus on the root causes and prioritize the most important remediation steps.

Upon completion of the Basic Penetration Testing, a detailed report will be sent to the client, including the following:

Executive Summary: Summary of the purpose of this assessment, as well as a brief explanation of the threats that the organization is exposed to from a business perspective.

Findings: A detailed, technical explanation of the findings of the assessment along with steps and proofs of the findings.

Conclusion & Recommendations: This section provides final recommendations and a summary of the issues found during the security assessment.

Service Delivery Time

The Basic Penetration Testing service on 10 IT Assets can be completed in five business days.

Penetration testing is a process followed by an ethical hacker to simulate an attack on a system, such as applications, websites, networks or even the system users, and discover vulnerabilities. A pen test also evaluates the effectiveness of business security measures, technology, policies, and controls. The pen tester will look for design flaws, technical weaknesses, blind spots, poorly implemented processes and other vulnerabilities to identify threats. The results of the vulnerability assessment are then comprehensively documented, including the threats, the risks and the resolution measures. Businesses often require pen testing for different compliance requirements. There are common regulatory frameworks that require pen testing, such as:

  • SOC 2 Compliance
  • PCI Compliance
  • ISO 27001 Compliance
  • GDPR Compliance

To compete in commercial and government tenders, businesses need to show that they have conducted and passed independently audited pen tests, and in some cases show compliance certificates for the above-mentioned audits.

  • identify and address weaknesses in a specific application or system
  • test your cyber defence capability
  • protect sensitive data
  • classify security risks to the business
  • understand the likelihood of attacks based on network or application configuration
  • identify poorly drafted or implemented security policies
  • assess security policy compliance
  • maintain customer and shareholder trust

Internal Penetration Testing is performed from the LAN or DMZ standpoint of the company, while External Penetration Tests are performed from the Internet. Tests are sometimes performed in a live environment and sometimes in a test environment, depending on the purpose of the pen test.

Typically a test focusses on the following:

  • IT Infrastructure Testing
  • Web Application Testing
  • Mobile Application Testing
  • Social Engineering
  • Physical Security Testing