PCI Consulting Australia provides a comprehensive Penetration Testing solution in alignment with the requirements of PCI DSS version 3.2.1 (and soon 4.0). This service encompasses both internal and external network and application layer assessments. Our methodology for application penetration testing not only encompasses the OWASP (Open Web Application Security Project) framework but also integrates our proprietary set of tests, which is continually updated to incorporate newly identified vulnerabilities. Acknowledging that real-world cyber attacks encompass a diverse range of tactics beyond automated scans, our approach involves meticulous penetration testing that includes manual endeavours to exploit vulnerabilities. These tests can be executed on-site or externally through VPN connections, or by utilising a physical device that can be introduced into the network. Post-assessment, we compile a clear, easily comprehensible report which includes recommendations for remediation and ratings for all vulnerabilities identified. We also offer a free re-test within 30 days for remediation of items identified in the initial report.
A vulnerability assessment comprises both automated scans and manual identification of vulnerabilities. The key distinction between a vulnerability assessment and a penetration test lies in the fact that, in a vulnerability assessment, we refrain from actively exploiting the identified vulnerabilities. Instead, our focus is on validating their existence and providing comprehensive explanations within the subsequent report.
Our cloud services review consists of three core elements: architecture review, configuration review and verifying monitoring processes. As recent history has shown, misconfigured cloud services can be an easy point of entry for attackers, even if the applications and infrastructure are secured to the highest standards. A cloud security review is another approach that PCI Consulting Australia helps protect your systems, data and customers.
Human factor remains the weakest link in the corporate IT chain. Having well secured and patched systems is actually only less than half the battle. Expanding security awareness amongst the employees of every level in the organisation becomes more critical with every passing day. PCI Consulting Australia offers email phishing campaigns which will test the employee’s susceptibility for social engineering attacks.
PCI Consulting Australia offers SOE reviews of the most critical systems in your environment. This standardised approach ensures the configuration of the devices is up to industry standards.
Due to the nature of the wireless networks, attackers do not require physical access to the local network. If the wireless network is not configured and secured properly, it can become an easy entry point for the attacker to the internal corporate network.
Passive testing represents a scaled-down version of comprehensive penetration testing, involving the observation of network traffic and identification of security misconfigurations. In certain scenarios, executing an active penetration test might be unfeasible due to legal limitations, the absence of ownership of the application, and various other factors. To address these constraints, PCI Consulting Australia presents the option of passive testing. Within this approach, our tester navigates through the application, overseeing and capturing network traffic for subsequent security analysis. Consequently, this method allows for the discovery and resolution of numerous security misconfigurations, thus enhancing the overall security stance of the environment.
Accessibility testing is designed to verify which systems (if any) are accessible from locations which by design should not have access to those systems. In many cases misconfigured ACLs or firewall rules allow specific traffic to pass through to unwanted subnets which can present additional attack vectors- especially if those target hosts contain sensitive data
This engagement can consist of the following tests:
Users can quite often reuse their passwords which puts the corporate environment at risk. OSINT identifies which users are the highest risk to the business from this perspective due to the previous compromise of the account on a 3rd party portal where the user utilized their business email address.