Security Assessment
We offer a wide range of security assessment services, which can be tailored to form a package that meets the security needs of your business
Our network penetration testing services cover a broad spectrum of domains such as cloud, wireless, mobile, stealth campaigns, phishing, IoT, external & internal networks and solutions.
This comprehensive cybersecurity audit covers supply chain risk, M&A due diligence, IoT and a range of advanced penetration testing scenarios and bespoke projects that can be tailored for the security needs of your company.
Ensuring the safety and security of user data is paramount to running any mobile application. Our tailored approach checks for flaws or exploits that could lead to your data being compromised. These services are designed to identify potential threats and vulnerabilities before it’s too late.
Cyber Attack Simulations are designed with multi-step attack scenarios to check how defensive controls react during a real-time attack. This includes red teaming, blue/purple teaming and phishing campaigns.
Most organizations, like yours, are migrating to the cloud due to ease of use and 24 x 7 availability. As an end user of a cloud-hosted solution, it is your responsibility to ensure that the security of any operating systems and applications hosted in the cloud is continuously maintained and tested.
Our team of cybersecurity experts will test and perform security assessments for all your web applications. This will include code reviews, threat modeling and database assessments.
Our network penetration testing services cover a broad spectrum of levels, from single build reviews and segregation reviews to network-wide assessments.
Cybersecurity is only effective when it is proactive. By identifying weaknesses and vulnerabilities before they are exploited, you ensure the integrity of your network. Frequent security assessments also create a more efficient system, helping to prevent data loss and minimise any downtime that would affect your business and your customers.
No one doubts the talent and commitment of your in house administrators and developers, or the great work they’re doing. But, by having a third party come in and perform an independent cybersecurity audit and review of your systems, you can ensure that no stone is left unturned. Our team of skilled cybersecurity experts will help to identify any vulnerabilities and weaknesses your team may have missed.
There is no magic bullet or one size fits all cybersecurity solution that will protect your network. In order to make sure you’re protected, you need continuous security assessments and up to date solutions that keep your organisation ahead of the curve.
The information gained from our security assessments and cybersecurity audits will form the basis of a cybersecurity strategy that you can rely on to protect your network. You can update your practices, employee awareness, processes, and technology to match the new threats and evolving cybersecurity landscape.
The nature of cybersecurity threats is one of constant evolution; growing in sophistication and changing in order to exploit new vulnerabilities and evade detection. This is why you need to perform regular security assessments to protect your network.
We are proud to offer project flexibility options such as cancellations and reporting customisation, in addition to pricing structure.
Penetration test pricing is often calculated around a resource's time spent testing the functions of an asset, e.g. the number of servers, VLANs, hosting environment and physical locations in a company, or the number of dynamic pages, input fields and privilege levels in an application. Based on the client and environment, further complexities are factored into the time calculation, such as custom features, architecture complexity, positioning in the network, hosting facilities, etc. Therefore, a walkthrough or a knowledge document as a prerequisite to scoping always adds to accuracy.
Our assessment pricing involves transparency around the sub-elements of a project, based on the utilisation of resources on a man-day basis. This is further categorised in phases based on the nature of the assessment and the objectives agreed. Once we have your requirements, we produce a customised proposal including pricing to help you make an informed decision.
We understand that customers have deadlines to meet. We also understand that go-lives could be delayed due to penetration tests not being scheduled in time.
Penetration testing activities such as planning, preparation and execution need time, therefore we ask all our clients to give us 3-4 weeks lead time. With that said, based on time and requirements we may fulfil urgent project requirements. Please get in touch as soon as you are confident of your timelines.
The duration of an assessment varies based on the size of the asset in scope. For instance, an application with multiple pages with dynamic content and form fields would take longer to assess than a static website with a simple search function. Similarly, network-based assessments take restrictions, size and accessibility factors into account when determining the timescales.
Unauthorised and authorised exercises differ in timescales due to the lead time required to build knowledge of the functionality of the asset.
We often get queried on how to meet compliance requirements and whether our assessments would be sufficient evidence for an audit. Our assessment is in compliance with the highest penetration testing standards such as CREST and covers well-known standards such as OWASP, SANS Critical Security Controls, CIS Controls and NIST standards. Please ensure that you discuss these prerequisites with your Defendza account manager before moving forward.
Client servicing underpins everything we do.
Our comprehensive reporting provides both strategic and tactical recommendations.
Post-engagement, we offer a free-of-charge debrief where we perform walkthroughs of the project, build an understanding of the risks and help customers prepare a remediation plan.
Our web and phone support is available to all customers, and we promise to answer all queries within 24-48 hours.
We take customer communication as seriously as reporting or assessment execution. We engage with customers throughout a project, and ensure that customer contacts are kept up to date in language they understand. Post-engagement, a free debrief is conducted to help management as well as technical audiences understand the weaknesses and prepare a mitigation plan.
In a usual asset's lifecycle, a penetration test is conducted at least once a year.
During any changes such as an infrastructure refresh, major upgrades or modifications, a penetration test is advised in order to be aware of gaps introduced by the infrastructure (applications, systems, networks) changes. Some compliance requirements, such as PCI DSS, sector-based commission technical audits and vendor assurance requirements, mandate regular penetration tests.
Defendza adheres to the CREST code of conduct, ensuring high technical standards of professional security testing. We attempt to identify and tweak our assessments based on the fragility of the assets in scope. Our methodology ensures that all our assessments are designed to perform safe assessments without disrupting everyday business.
Low-level attacks and Denial of Service attacks are explicitly deemed out of scope for all assessments.
This depends on the project requirement. For internal network penetration testing, wireless security penetration testing and internally accessible assets, onsite assessments are performed at the customer premises, data centre or service provider site.
Many a time, penetration testing can be performed remotely. We provide our external IP addresses during every remote assignment so that customer logging and monitoring processes and procedures are aware of this activity.
Defendza's assessment methodology is reviewed by CREST, and we adhere to CREST's code of conduct to ensure we maintain high technical standards during professional security assessments.
For penetration tests, our methodology encompasses OWASP, SANS Top 20 Critical Controls and CIS; NIST or other standards are included based on the customer's request.
While automated scans are useful to identify low-hanging fruit such as missing patches or common vulnerabilities, they do not cover in-depth reviews of an asset.
During a penetration test, the majority of the execution phase involves a manual approach; however, Defendza utilises automated tools such as port scanners and web proxies for specific activities as an early step in the engagement. A penetration test uncovers flaws such as business logic issues that are otherwise not covered during an automated test.
A vulnerability scan is performed with the use of automated tools to identify known weaknesses. No exploitation of weaknesses is involved in this test.
A penetration test is an in-depth assessment focussed on identifying and exploiting weaknesses to measure the impact and likelihood of an attack. It combines machine and manual approaches to identify hidden weaknesses.
Defendza's assessment methodology ensures rigorous examination of your assets i.e. networks, web applications, web services and/or mobile applications to identify and exploit a range of security vulnerabilities. These assessments vary in size and scope based on the drivers of the engagement and business decisions. Three different penetration test strategies are black box (without prior knowledge), grey box (with some knowledge) and white box (with all information) assessments.
A penetration test is an exercise to identify technical risks affecting software and hardware in scope. An accurately scoped penetration test can add assurance that the products, security configurations and controls are configured in line with good practices, and that no common or publicly known vulnerabilities affect the assets in scope, at the time of the test.
A penetration test is a form of cyber security assurance provided by demonstrating weaknesses in an asset. The objective of this assessment is to identify security weaknesses in the target networks, applications and/or systems that could impact negatively on a customer's business or reputation if they led to the compromise or abuse of systems.
We take tremendous pride in the detailed and efficient process that we offer to our clients
Take the first step towards ensuring your cybersecurity - get in touch with our team of experts via our ‘Contact Us’ form. From there we’ll begin informal discussions about how we can work together to build a cybersecurity package tailored for your business.
We like to get to know our clients first, to understand your business, your network, and map your security needs, so we’ll arrange a face to face or a video meeting between you and one of our cybersecurity experts to discuss your requirements.
Using this information, and our wealth of cybersecurity knowledge, our team will put together a tailored proposal designed to meet your business’ specific security requirements.
Defendza’s excellent customer communication is the key to our success. All our consultants ensure that progress updates are provided in an easy-to-understand and business-focused way, ensuring that you’re aware at every stage of how things are progressing. Our reports give you strategic recommendations to help you prepare a mitigation plan for any attack, so that you are fully aware of overall risk and its impact on your business.
At Defendza, we make sure that everyone understands what has been done, at technical and management level, via a debrief either onsite or via a call.
Email and phone support are provided after completion of the project, with a reply within 24 hours to any queries.
Defendza's checklist-based guidance provides online retailers, especially SMEs, with an overview of both basic and advanced cybersecurity measures they should implement. Overall, the guide will enable organizations to improve their cybersecurity posture, reduce security risks, avoid vulnerabilities, and enhance their resilience.
Defendza, a cyber security firm specialising in cyber security consulting and managed services, offers a five-point quick help cheat sheet that would help SMEs tackle the most common cyber-attacks.
Defendza, a cyber security firm specialising in cyber security consulting and managed services, offers a six-point quick help that would help SMEs tackle the most common cyber-attacks.