How it works
We believe that we exist to secure the connected and grant the opportunity of a better online life. Penetration testing helps you achieve that.
We demonstrate this in the way we conduct our Penetration Testing. Just running a bunch of scripts from a Kali installed laptop is not penetration testing. We use experience, skill, research and human intuition to provide the best penetration testing on the market.
Penetration Testing is also known as pen testing or ethical hacking. It is the systematic process of discovering security weaknesses and vulnerabilities within people, process and technology.
Penetration testing is about viewing your network, application, device, or physical security through the eyes of an attacker. Testing identifies cybersecurity vulnerabilities in people, process and technology. An experienced penetration tester can locate:
• Where a hacker might target you
• How they would attack
• How your defences would fare
• The possible magnitude of the breach
Pentesting seeks to identify flaws and weaknesses in people, process and technology. Most commonly, it identifies security issues in networks, systems and applications.
It is possible to purchase cheap automated penetration testing. They do exist and these can identify some cybersecurity issues. Proper penetration testing manually considers and confirms all of the automated results. It is the results of real testing that can accurately determine the business’s vulnerability to attack, as well.
In the complex cybersecurity landscape, pentesting has become a must for almost every industry. For many organisations and businesses, it is the law to conduct penetration testing at least annually. For instance:
• Health organisations under the GDPR and DPA;
• Financial institutions test for FCA compliance;
• Businesses accepting or processing payment cards must comply with Payment Card Industry standards;
• Regional and local governments under the CESG rules; and
• All companies with personal information of individuals under the GDPR and DPA.
Even businesses that might think they don’t have any valuable information to protect could be at risk of someone trying to take over the network, install malware, disrupt services, and more. The rise in ransomware attacks and extortion since the COVID outbreak has been incredible. For many of the victims of these attacks, penetration testing would have identified the cybersecurity weaknesses before the attack. With so many bad actors out there, penetration testing keeps up with evolving technology.
During a penetration test, the attackers, played by our talented team, act on your behalf to find and test security weaknesses. The weaknesses that criminals or people with malicious intent could exploit. You will often see this portrayed by Hollywood as a young lad in a hoody, in a darkened room furiously typing on a keyboard and resulting in getting access to systems. The reality of significantly different. Penetration Testing for us is all about 99 failures to every success. We can hammer on 100 different systems and maybe only one will prove fruitful. At the end of the day, the attackers only need to be lucky once. You need to be lucky all the time.
Our testing is very structured and methodical. We follow a standardised testing methodology. The best way to think of a methodology is to think of it as a recipe book, and it is the guide that is at the centre of everything we do on penetration tests. Our methodology is based on the Penetration Testing Execution Standard. We further incorporate the penetration testing methodology for Web Applications, the OWASP testing Guidelines v4.
Our testing team are all cyber security professionals who spend 25% of their year researching new techniques, understanding the latest attacks and keeping up their professional qualifications. A lot of time is spent going to conferences, speaking at conferences, helping teach youngsters and working within out mentoring project.
Their skills are honed over time to mimic the methods used by criminals. They do this without causing you damage. All of our testing staff have one thing in common, and that is the level of qualification they must possess prior to conducting any form of penetration testing on clients assets.
At Hedgehog, we recognise the OSCP and the CREST CRT as the minimum level of qualification to carrying out any pentesting. This means that all staff involved in your penetration test will be very well qualified for the job at hand.
This is one of the most critical steps in ensuring success in your penetration test. The Pre-Engagement is where we work together to define the scope, and the goal of the test rigorously. We do this through a scoping call, and you can book these at a time and date convenient to you.
During the scoping call for your penetration test, we are looking to identify exactly what needs testing, how complex it is and how much time we will need to use to complete the penetration test to the best of our capability. We will also look to identify the goal of the penetration test. The goal could be as simple as “identify all the exploitable vulnerabilities”. It could be a lot more complex such as “pivot through an exploited host and attack the internal network to gain access to client data.”
Having a well defined scope is the key to the success of your penetration test. This is why we can never answer the question of “how much is a penetration test” until we have had a call to discuss your penetration testing scope.
The second step in a penetration test is Intelligence Gathering, and it is a two step process. The first step is, at Hedgehog anyway, done in the background normally a week before your test start date. The vast majority of the intelligence gather phase is performed by automated scripts. The scripts are typically used within a penetration test too, for more targeted needs. Essentially we are looking to gather as much information about your business and your penetration test scope as we can from available public sources.
During the second part of the intelligence gathering phase, we will review the output from step 1 and any documents or information you have provided us. This is typically done the day prior to your penetration test starting. We will scour the internet, and to an extent, the dark webs, to identify any further information or data that could be beneficial to your test. The typical documentation we are looking for includes system architecture, data flow, infrastructure, concepts, password hashes, names, identities etc.
What is the purpose of this? Well imagine if we were to find the companies internal information in a forgotten bit-bucket somewhere? This could be used in the penetration test to help gain access to systems. Equally, it will help identify any potential client information left exposed. It all goes to helping complete the most comprehensive penetration test available to you and ensure a positive return on your investment.
The reconnaissance phase of every penetration test builds on the Intelligence Gathering stage through the use of active, in-depth technical review of the scoped environment. We will delve into each of the systems/applications in scope to identify the component structure and map all of the points of interaction.
This part of penetration testing is vitally important to the success of the test. We will look to identify every point of interaction that a user can have with a system, application or target. We will identify the technologies used and whether there are any easy wins that can be identified. This is done through port scanning, passive information analysis, mapping and analysis. The goal if this phase is for our penetration testers to understand the scoped environment in its fully extent.
Vulnerability Analysis is the most time-consuming aspect of every penetration test. Vulnerability Analysis starts with a series of reviews of the scoped environment using various vulnerability scanning tools. We typically use a number of scanners and tools to aid in the rapid analysis of vulnerabilities. Our primary tool for vulnerability analysis is Secure, our in house developed vulnerability scanner. Secure uses a number of internally developed processes as well as commercial scanners including Nessus, OpenVAS and NeXpose.
The output from the vulnerability analysis phase is the identified of known vulnerabilities. Every one of these vulnerabilities is then manually reviewed and validated. Once the automated scans are complete and the vulnerabilities confirmed, the tester then moves on to attempting to find unknown vulnerabilities manually. With Web Application testing, the bulk of the time is spent in manual vulnerability analysis. Unknown vulnerabilities are commonly known as zero days and these can exist in many different areas of the scope. This is why the vulnerability analysis is the most time consuming.
The exploitation phase of the penetration test is where we take all the vulnerabilities we have identified and use them to try and reach the goal set out in the Pre-Engagement step. We review each of the vulnerabilities, identify any exploits available for use and perform exploitation in a safe and controlled manner.
In a Web Application penetration test, this might lead us to bypass authentication controls or use other users accounts. We may be able to access information that would usually be protected by session management and authentication and authorisation controls.
In an Infrastructure pen test, this might result in the tester being able to sniff passwords on the network or gain access to a server. The goal of exploitation is to work towards achieving the objectives of the test incrementally.
Once an exploit is successful, the entire pen test process restarts at Intelligence Gathering within the context of the exploited system or application. Exploitation testing can be extremely time consuming so it must be conducted in a very controlled manner.
During the post-exploitation aspect of the penetration test, your pen tester will be analysing all of the gathered data and the results of individual tests. The analysis includes categorising the detected vulnerabilities and prioritising them per the business and technical context. It is during this step that further testing needs are identified, and the tester will loop back and test or retest specific areas so that complete scope coverage is assured.
The very last stage of the penetration test is the summarisation of the testing and the drawing of a conclusion.
At the end of every engagement is a test report. The report details what was done, what was found, and what should be fixed. These may be:
Inadequate or improper configuration settings
Known or previously unknown software or hardware flaws
Operational gaps within business processes or technical controls.
A Penetration Test (also known as ethical hacking or a pen test) is an authorised hacking attempt, targeting your organisation’s IT network infrastructure, applications and employees. The purpose of the test is to identify security risks by actively attempting to exploit weaknesses in a controlled manner. Undertaking penetration testing allows you to proactively strengthen your organisation’s security practices.
High profile cybersecurity breaches regularly make national and even international news, and are often the result of a targeted attack. What is less well publicised are the more pervasive, lower profile breaches which are more opportunistic in nature and increasingly impact small and medium-sized organisations. This trend can be linked to the sophisticated way in which cyberattacks can now be automated and the introduction of new vulnerabilities resulting from the adoption of new technology and working practices (remote working and BYOD, such as laptops, tablets and phones).
In a rapidly changing technological landscape, organisations must not only keep pace with the speed of innovation, but also the resulting risks to information security.
Cyber Security for any size of business
CREST member company
Team of friendly certified experts
I so enjoyed Peter as a member of my Chief Information Security Officer Council at Microsoft Ltd UK. He always provided a unique insight into IT security issues of import to many global companies who were also members. A respected and senior member of the IT community, Peter and his business stands out as honourable and are the people you would want on your side.
Edward P. Gibson, Microsoft
We have used Hedgehog’s services for 7 years now. Always professional and leading in the field of Cyber Security, I have never looked back. Over the years they have regularly provided top tier penetration testing and cyber security consulting. I look forward to the next 7 years with them.
Maurice Whittaker, TWI
Peter and his company, Hedgehog Security, has been a fantastic partner/customer/advisor/anything else someone could be for me and Rapid7 sense I met him a few years ago. Their collective depth of knowledge and understanding of what's actually important in the security space & how to relate it to the business would make them a fantastic addition to any organisations IT/Executive group.
Jason PItzen, Rapid7
I original met Peter at an event where he was the guest speaker at a hacking workshop hosted by a supplier of ours. I knew from that moment I would work with him on many projects going forward. What Peter didn't know about gaining access to an organisations "crown jewels" wasn't worth knowing. He was instantly recommended by me to our then Head of IT at Towry and we proceeded to buy into everything Pete had to offer. A trusted partner and advisor whom I'd have no problem recommending to people who need to protect valuable data within their organisation.
Michael Golding, Towry
Peter is a total Internet Security guru! He can detect a threat to a website a mile off and I have never known him not to get right to the bottom of a security risk. Despite being one of the busiest people, Peter was always happy to help out with any concerns, queries or requests I had concerning security issues. He always resolved whatever had gone wrong within hours, and would always report back to let me know what had been done and what action I needed to take. He and his company are incredibly committed to their work and are a force for good for any company.
Louise, The Telegraph
I worked with Hedgehog on a very challenging project and was extremely impressed by their dedication to get the issues resolved. Hedgehog’s ability to come up with solutions while under extreme pressure is something I realised quickly and I will definitely appreciate their technical input when I am in a bind in the future.
Michael Reynolds, Aruba Networks
Peter is a rare breed of individuals who (like me) have a unique combination of heavy technical skills coupled with excellent managerial and other soft skills that make him a prize for any company. The brief time I worked with Hedgehog was great fun. Peter and his team are very practical but does not give in to any argument if they knows they are in the right. Brilliant person, brilliant company. Highly Recommended.
Amar Singh, Cyber Management Alliance
I worked closely with Peter and his fledgling company during a core network upgrade and found him to be a source of solid knowledge as well as a reliable, dedicated member of the team. The work carried out has proved very robust over the past year.
Duncan Reddish, Royal Botanic Garden Edinburgh
Hedgehogs approach focusses solely on doing what is best for the company as a whole. Completely professional, I always knew I could count on their support and advice when working on any project. A real benefit to the team, and Peter is a guy I hope to work with again in the future.
Alec, CEO Sapphire
Ask us a question, any question at all. As long as it has to do with Information Security / Cyber Security, we will get back to you with an answer.