application | mobile | infrastructure | cloud | physical
Built on a strong history of delivering NCSC (CESG) services our penetration testing team are experts in assessing products and services for security weaknesses. We pride ourselves in writing business friendly reports with clear advice on how to mitigate problems.
Penetration Testing & CHECK Services
The Modux penetration testing team is made up of application, infrastructure and mobile application security specialists, all of which hold industry certifications from Crest and Offensive Security examination boards.
Web Application Penetration Testing
Application penetration testing is primarily a technical security assessment of the application which focuses on discovering security mis-configurations and logic flaws in the application and associated services. The majority of the assessment is based around consultants using the application in the same way an end user would, however the primary goal is to assess the application for potentially insecure functionality that could lead to compromise of the application, any associated data or other application users.
As well as common place attacks against session management, authentication and input validation systems, Modux consultants work to assess technology and application language specific functionality. Modux prides itself on having in depth knowledge of the wide ranging technologies used within web development and application stacks.
Infrastructure Penetration Testing
Technical security assessments against network elements and associated infrastructure ordinarily consist of automated discovery and enumeration phases, followed by manual assessment and verification stages. Services are assessed for vulnerabilities and security misconfigurations that could be potentially be leveraged to cause data loss, damage or disruption across an organisation.
Often low risk security findings can be chained together leading scenarios that allow for data exfiltration or denial of service from the environment. As such Modux perform every assessment based on an understanding of the environment, its day to day uses and the risks that the organisation may face. This helps us fully evaluate the context of any discovered security weaknesses which allows our client organisations to properly digest the risks.
NCSC IT Health Check for government systems are delivered by our expert CHECK Team
Often referred to as red-teaming or war-gaming; realistic enterprise simulations cover broad areas of the organisation. Designed to discover entry points and security weaknesses that can be compounded to leverage control.
Simulated Real World Scenario
Modux have performed red-team assessments against the security of some of the world’s largest enterprises.
Our red team are amongst the best in the world, with a vast amount of knowledge and experience gained performing red team exercises internationally for FSTE 100 companies. We use both publicly available tools, and in house developed tools to perform the red team, simulating the methods used by both external attackers and malicious insiders.
Through-out the exercise, we will work with your NOC/SOC teams to understand which attacks were identified, and which went under the radar. We record the data from the entire exercise, and using our experience with SOC monitoring platforms, we can advise on the rules and alerts that would have detected our activity, and help to identify gaps in the current systems.
Designed to discover entry points and security weaknesses that can be compounded to leverage control,
Modux consultants have assessed the security of some of the world’s largest enterprises. Each assessment begins with intelligence gathering at an enterprise, network and personnel level to assess the potential attack surface and possible entry points. Analysis of the information gathered results in a defined scope, from which focused exercises can begin.
Finding routes into systems and networks, and escalating privileges overtime, the assessments are designed to demonstrate the true resilience of the organisations networks to attack and data exfiltration.