What is Pen Testing?

Penetration testing, or pen testing, is a method of evaluating an organisation's cybersecurity strengths and weaknesses through a process known as ethical, or white-hat, hacking. 

What is our pen testing offering?

Our pen testing service offers companies an evaluation of their cybersecurity strengths and weaknesses presented in a clear and easy to read report. Through the process of ethical hacking, our experienced testers uncover the ways an organisations’ system can be compromised. Their work is the starting point for our cybersecurity recommendations. The information contained within our report is personalised and based on the scope that we outline with our clients. It details practical information and provides actionable insights to address an organisation's vulnerabilities.

How does it work?

When we perform a pen test, we challenge the cybersecurity measures an organisation has in place by attempting to bypass them. Essentially, we act as ethical, or white-hat, hackers. Each pen test we perform is unique. We work closely with our clients to understand their concerns and define the scope of the test. We also help them to decide which of our three types of pen test would best suit their needs. The three types we offer are: 

White Box Pen Testing:

Our tester is provided with some information about the company before we begin to perform the test. For example, they may have access to IP addresses or network information.

What are the advantages?

1. Our tester ensures that all company software is tested.
2. White Box Pen Testing is rigorous and detailed. 

Black Box Pen Testing:

Our tester does not have access to any company information before beginning to perform the test. Usually, they are only given the company name. 

What are the advantages?

1. The tester is working from a user’s point of view 
2. The tester knows nothing about the company and therefore is not subject to bias or prejudice

What are the disadvantages?

1. The tester may repeat some tests which have already been performed by the programmer
2. This process can be very time-consuming because the tester must carry out reconnaissance before beginning the test

Grey Box Pen Testing:

The tester does not have detailed knowledge of the organisation but does have limited access to company information. This is often referred to as a middle ground between white and black box testing.

What are the advantages?

1. The tester is emulating the work of an attacker that has gained access to a user account. 
2. This process is less time consuming than Black Box Pen Testing because the tester has access to some company information 

What are the disadvantages?

1. The programmer may have already run similar tests and there may be a duplication of effort

Each type of pen test has pros and cons. We work closely with all of our clients to find the test that best suits their needs. 

Who is Pen testing for?

Both large and small organisations engage us to perform pen-testing, however, the nature of the organisation, as well as its cybersecurity budget, dictate how often it can be performed. Although pen testing is beneficial for every company, it should be performed by companies that process and store sensitive data. Cybersecurity is an ever-evolving field so the more often pen testing is performed, the more prepared a company will be in the event of a cyberattack. 

What are the key features of our Pen testing service?

At Stryve, pen testing is a client-focused, personalised service that provides a clear and comprehensive evaluation of an organisation’s cybersecurity system. We produce an easy to read report which provides realistic recommendations that are underpinned by practical and precise analysis. As an ISO 27001:2017 Certified Partner, we can use our expertise and experience to improve organisations’ existing cybersecurity measures. 

What are the key benefits?

Pen testing has several key benefits ranging from identifying cybersecurity weaknesses to guiding companies on GDPR compliance and cybersecurity investment. The central aim of the test is to identify the areas most vulnerable to attack within an organisation and guide them on how to improve their existing cybersecurity measures. 

Key Benefits include:

1. A pen test allows companies to identify their cybersecurity strengths and weaknesses.
   

2. Pen testing can verify if an organisation’s cybersecurity system is secure, providing  confidence that their existing cybersecurity measures are fit for purpose.
   

3. A pen test also ensures that companies are GDPR compliant.
   

4. Pen testing evaluates how a company would respond to a cyber attack helping  to improve existing strategies and to enable better company responses.
   

5. Finally, it alerts organisations to vulnerable areas that require attention, and further investment.

What do Stryve offer that is different?

Our testers are well-known experts in the cybersecurity field who have worked for organisations such as NATO, competed in Capture the Flag hacking contests and trained law enforcement representatives. Their expert knowledge and advice is the key to ensuring that your systems do not fall victim to a cyberattack.

‍