Professional quality penetration testing, when you need it.

You’ve invested in systems and technology in order to defend your business, but how safe is your data? Security testing applies the mentality of a hacker to your organisation across all disciplines – so you know for sure if you have any vulnerabilities, where they lie and how to fix them.

Our highly qualified security experts are recognised by industry bodies such as CHECK and Cyber Scheme, and use the latest methodologies to comprehensively assess your cybersecurity posture. IRM’s penetration tests emulate a threat actor’s attack to evaluate how our clients’ cyber security strategy responds to it.

With over 20 year’s security experience, we have expertise in testing operational technology environments. Specialist testing services in this area include IoT, SCADA, hardware device reviews, embedded systems and industrial control systems.

Wireless Testing

Inherent cyber risks associated with Wi-Fi networks are often a result of rogue access points, improperly secured wireless devices and even active wireless clients.

IRM’s wireless testing service evaluates the security posture of your wireless networks and their compliance with pre-defined standards. Our methodology involves:

  • Perimeter Survey – assessing the visibility of any wireless access points available to a physically external attacker
  • Site Survey – an internal assessment to detect the presence of any RF devices on the network
  • Cryptographic Analysis – examining the resilience of any wireless devices discovered to typical attack techniques
  • Access To Wireless Networks – a detailed examination of the wireless network in pre-authentication and post-authentication modes to determine levels of access
  • Configuration Review –  reviewing the access point (AP) configuration in order to identify any deviations from best practice
  • Analysis And Reporting –  a report that includes an executive summary and clear security risk, recommendation and remediation advice

⇒ Contact us about Wireless Testing

Mobile Testing

Enterprise-wide mobility is now the norm. Businesses are increasingly reliant on mobile applications as they continue to generate more revenue and allow employees to collaborate effectively and work from any geographic location.

However, mobile applications also come with their own unique security challenges and have become an alternative target for hackers. Our mobile application testing service has been created to give you peace of mind that your company’s applications remain secure and operate effectively for everyone, everywhere and at all times. Our methodology involves:

  • Functional Review – mapping the entire application to identify key functionality and features to be examined
  • Threat Assessment – detecting areas that will offer potential threats and attack vectors will be identified to inform future test stages
  • Web Technologies – checking for weaknesses and evaluating the remove supporting infrastructure
  • Static and Dynamic Analysis – examining permissions and resources for mis-configurations
  • Subversion Attempts – assessing whether weaknesses can be leveraged to escalate privileges or gain unauthorised access
  • Report and Explain – delivering a formal report including an executive summary, recommendations and detailed remediation advice

⇒ Contact us about Mobile Testing

Cloud Testing

IRM has extensive experience in working with major cloud service providers. With organisations frequently turning to cloud based services, we offer cloud services testing as part of our core penetration testing offerings. 

Our cloud testing service will help you to deliver security assurance against the existing build and configuration of the service provider’s environment.

Our defined testing methodology combines many of the steps found within our standard infrastructure and application testing methodologies. In addition, IRM can perform an additional layer of assessments against these externally accessible hosts while also reviewing the hypervisor layer to ensure full coverage of the environment.

⇒ Contact us about Cloud Testing

Web Application Testing

As applications become more complex, they can be easily compromised if security is not considered during the development lifecycle.

Using the methods of real-world attackers in a controlled manner, IRM ensure that our client’s applications are safe, secure and adhere to security best practice. Our web application methodology involves:

  • Mapping – the entire application, enumerating all available directories and functionality, whilst understanding the design and logical flow
  • Analysis – examining the application’s supporting infrastructure for vulnerabilities
  • Identification – highlighting points of interest and potential attack vectors for exploitation, examining the application’s authorisation, encryption and server configuration
  • Exploitation – continually assessing the ease and impact of exploitation in key application components
  • Analysis and Reporting – producing an Executive Report that includes an executive summary and clear security risk, recommendation and remediation advice

⇒ Contact us about Web Application Testing

Operational Technology Testing

Bringing together digital technology with domain expertise across industries such as aviation, energy, automotive, healthcare, and transportation can achieve a potential 20% increase in performance. However the wider adoption of operational technology introduces new cybersecurity threats which need to be addressed.

Operational technology (OT) systems have often been developed and implemented as standalone systems without having to consider a range of threats from a security  perspective.

Altran’s strong pedigree in engineering combined with IRM’s extensive cybersecurity expertise delivers a capability to allow businesses to assess, identify and ultimately reduce cyber risk in OT environments. Our approach provides a comprehensive set of services that will allow businesses to manage an emerging threat to the OT world.

Secure Architecture and Design Reviews

Instructing an architecture and design review can uncover vulnerabilities and provide insights for re-engineering your design to meet the industry standard and your company’s required policy.

With most vulnerabilities introduced at the design phase, the World Class Center for Cybersecurity works endlessly with organisations to ensure a “Secure by Design” approach is adopted.

Learn more about our Secure by Design services. [link to specific landing page]

⇒ Contact us about Secure Architecture and Design Reviews