Professional quality penetration testing, when you need it.

You’ve invested in systems and technology in order to defend your business, but how safe is your data? Security testing applies the mentality of a hacker to your organisation across all disciplines – so you know for sure if you have any vulnerabilities, where they lie and how to fix them.

Our highly qualified security experts are recognised by industry bodies such as CHECK and Cyber Scheme, and use the latest methodologies to comprehensively assess your cybersecurity posture. IRM’s penetration tests emulate a threat actor’s attack to evaluate how our clients’ cyber security strategy responds to it.

With over 20 year’s security experience and Altran’s engineering background, the World Class Center for Cybersecurity has expertise in testing operational technology environments. Specialist testing services in this area include IoT, SCADA, hardware device reviews, embedded systems and industrial control systems.

Logos of various Cyber Industry Bodies

Wireless Testing

Inherent cyber risks associated with Wi-Fi networks are often a result of rogue access points, improperly secured wireless devices and even active wireless clients.

IRM’s wireless testing service evaluates the security posture of your wireless networks and their compliance with pre-defined standards. Our methodology involves:

  • Perimeter Survey – assessing the visibility of any wireless access points available to a physically external attacker
  • Site Survey – an internal assessment to detect the presence of any RF devices on the network
  • Cryptographic Analysis – examining the resilience of any wireless devices discovered to typical attack techniques
  • Access To Wireless Networks – a detailed examination of the wireless network in pre-authentication and post-authentication modes to determine levels of access
  • Configuration Review –  reviewing the access point (AP) configuration in order to identify any deviations from best practice
  • Analysis And Reporting –  a report that includes an executive summary and clear security risk, recommendation and remediation advice

⇒ Contact us about Wireless Testing

Mobile Testing

Enterprise-wide mobility is now the norm. Businesses are increasingly reliant on mobile applications as they continue to generate more revenue and allow employees to collaborate effectively and work from any geographic location.

However, mobile applications also come with their own unique security challenges and have become an alternative target for hackers. Our mobile application testing service has been created to give you peace of mind that your company’s applications remain secure and operate effectively for everyone, everywhere and at all times. Our methodology involves:

  • Functional Review – mapping the entire application to identify key functionality and features to be examined
  • Threat Assessment – detecting areas that will offer potential threats and attack vectors will be identified to inform future test stages
  • Web Technologies – checking for weaknesses and evaluating the remove supporting infrastructure
  • Static and Dynamic Analysis – examining permissions and resources for mis-configurations
  • Subversion Attempts – assessing whether weaknesses can be leveraged to escalate privileges or gain unauthorised access
  • Report and Explain – delivering a formal report including an executive summary, recommendations and detailed remediation advice

⇒ Contact us about Mobile Testing

Cloud Testing

IRM has extensive experience in working with major cloud service providers. With organisations frequently turning to cloud based services, we offer cloud services testing as part of our core penetration testing offerings. 

Our cloud testing service will help you to deliver security assurance against the existing build and configuration of the service provider’s environment.

Our defined testing methodology combines many of the steps found within our standard infrastructure and application testing methodologies. In addition, IRM can perform an additional layer of assessments against these externally accessible hosts while also reviewing the hypervisor layer to ensure full coverage of the environment.

⇒ Contact us about Cloud Testing

Web Application Testing

As applications become more complex, they can be easily compromised if security is not considered during the development lifecycle.

Using the methods of real-world attackers in a controlled manner, IRM ensure that our client’s applications are safe, secure and adhere to security best practice. Our web application methodology involves:

  • Mapping – the entire application, enumerating all available directories and functionality, whilst understanding the design and logical flow
  • Analysis – examining the application’s supporting infrastructure for vulnerabilities
  • Identification – highlighting points of interest and potential attack vectors for exploitation, examining the application’s authorisation, encryption and server configuration
  • Exploitation – continually assessing the ease and impact of exploitation in key application components
  • Analysis and Reporting – producing an Executive Report that includes an executive summary and clear security risk, recommendation and remediation advice

⇒ Contact us about Web Application Testing

Operational Technology Testing

Bringing together digital technology with domain expertise across industries such as aviation, energy, automotive, healthcare, and transportation can achieve a potential 20% increase in performance. However the wider adoption of operational technology introduces new cybersecurity threats which need to be addressed.

Operational technology (OT) systems have often been developed and implemented as standalone systems without having to consider a range of threats from a security  perspective.

Altran’s strong pedigree in engineering combined with IRM’s extensive cybersecurity expertise delivers a capability to allow businesses to assess, identify and ultimately reduce cyber risk in OT environments. Our approach provides a comprehensive set of services that will allow businesses to manage an emerging threat to the OT world.

SCADA and ICS Testing

SCADA and Industrial Control Systems (ICS) over recent years have moved from closed networks and systems to open systems and TCP/IP networks. What does this mean? It opens up these networks to the same risks that traditional computer networks face.

We have a team of experienced SCADA security testers, who understand the differences between SCADA, Industrial Control Systems (ICS) and Programmable Logic Controllers (PLCs). Our methodology involves:

  • Reconnaissance – identifying all external connections and gathering crucial information relating to the vulnerabilities within target systems, such as running network services and operating system versions
  • Analysis – reviewing the supporting network infrastructure, host operating systems, application and PLCs in order to fingerprint systems and network components for vulnerabilities
  • Identification – deploying specialist ICS testing tools in order to identify likely points of interest to threat actors and potential attack vectors for exploitation
  • Exploitation – continually assessing the ease and impact of exploitation in key application components and logic, including logic flaws, authentication, access controls and parameter manipulation.
  • Analysis and Reporting – producing an executive report which includes an executive summary and clear security risk, recommendation and remediation advice.

⇒ Contact us about SCADA and ICS Testing

Internet of Things Testing

With a world of developing technologies, more and more items are being connected to the internet. With an expected 75.44 billion connected devices expected worldwide by 2025, it never been more important to ensure the safety and security of the Internet of Things (IoT).

The World Class Center for Cybersecurity provides end-to-end IoT product security evaluations in line with industry standards. We can help organisations balance your risk with the demands of bringing a product to market.

Our technical consultants will help you strengthen the security of your IoT products across a number of different industries including smart devices for domestic use, smart metering or smart devices used in the automotive and transport sectors.

⇒ Contact us about IoT Testing

Embedded Systems

Embedded systems are the electronically controlled devices where software and hardware are tightly coupled. Organisations with embedded systems in vehicles, medical devices and smart grids, for example, have a responsibility to test the security of their products to prevent vulnerabilities across the whole architecture of the system.

Embedded systems testing is becoming increasingly important for organisations of critical national infrastructure (CNI). This is because they often run on old systems where a cyber-attack could create a catastrophic impact.

Testing embedded devices is much more complex than a standard penetration test. The World Class Center’s experience, expertise and lab facilities allows us to overcome this issue to offer embedded systems testing to a high standard.

⇒ Contact us about Embedded Systems Testing

Secure Architecture and Design Reviews

Instructing an architecture and design review can uncover vulnerabilities and provide insights for re-engineering your design to meet the industry standard and your company’s required policy.

With most vulnerabilities introduced at the design phase, the World Class Center for Cybersecurity works endlessly with organisations to ensure a “Secure by Design” approach is adopted.

Learn more about our Secure by Design services. [link to specific landing page]

⇒ Contact us about Secure Architecture and Design Reviews

Download Security Testing Brochure

Ensure that security keeps up with the changing demands of your business. Download our Security Testing Service Overview Brochure to learn more about what we offer.

Download

Get the latest updates & resources

Sign up to our newsletter and get access to all of our resources, security tips and news

Sign up to the newsletter

Complete your details to subscribe to our weekly newsletter.