
Penetration Testing

Castleforce offers Penetration Testing to identify all areas of vulnerability within your network. Our security consultants use the up-to-date techniques, technologies and information sources used by genuine hackers, so that the identified risks can be mitigated and security measures improved.

Typical Penetration Test Procedure

The testing process consists of the following steps:

  • Information Gathering
  • Information Analysis and Planning
  • Vulnerability Detection
  • Penetration
  • Attack/Privilege Escalation
  • Analysis and reporting
  • Clean-up

Tests are carried out both remotely and locally to best simulate the types of attacks that a customer may experience from a determined attacker.


Potential areas covered during our Penetration Testing include the following:

  • Network security testing: We analyse the security of your networks, considering the potential for both an internal and external attack. Important for all organisations, it is essential for high profile or Internet businesses where breaches of customer confidentiality or fraud could result in bad publicity, loss of reputation and business
  • Remote access and remote worker security: We ensure your organisation is equipped to manage the security risks that arise from remote and home working. Issues such as laptop security, home and remote worker security, VPN security and access to remote servers are considered
  • Application security testing: We rigorously test your applications to ensure they are secure enough to cope with the transactions they are required to undertake (e.g. online banking and order processing)
  • Social engineering: We cover the 'human element' associated with risk and how real threats such as unauthorised physical entry into buildings, obtaining sensitive information, impersonation and deception can be addressed
  • Payment Card Industry Data Security Standard (PCI DSS): As a Qualified Security Assessor (QSA), our Approved Scanning Vendor team helps organisations who sell or take donations or payments by credit card to become and stay compliant with the PCI DSS, ensuring they do not risk fines or being permanently barred from the card acceptance programme in the event of a security breach.
  • Forensics (Incident Response & Investigation Services): If your systems have been attacked, or if you require a forensically sound investigation of suspected computer abuse, our Computer Forensic Incident Response & Investigation Services deliver a professional service based on real technical expertise and investigation experience.


Castleforce Penetration Testing Service

Additional Assessment Services

  • Database Security Assessment Service (DSAS)
  • Oracle Security Services
  • Application Security
  • Wireless and Mobile Security
  • Embedded and Hardware Security

Penetration Testing Training

If you're interested in finding out more about Penetration Testing and Security Audits, we can offer the following security courses:

  • Certified Ethical Hacker (CEH) 
  • Certified Information Systems Manager (CISM) 
  • Certified Information Systems Auditor (CISA)