On this page
- Web Application Penetration Testing
- External Penetration Testing
- Vulnerability Assessment
- Internal Penetration Testing
- OT/SCADA Network Penetration Test
- Red Teaming
- Purple Teaming
- Social Engineering & Phishing
- Denial of Service (DoS) Testing
- Configuration Reviews
- Source Code Review
- Application Penetration Tests
- Artificial Intelligence (AI) Penetration Test
- Specialist Testing
External, internal, Wi-Fi, web app or API, the Bastion penetration testing team can assess your people, processes and systems for weaknesses to help you identify potential risks. We use a structured approach to pentesting which is based on the Open Source Security Testing Methodology Manual (OSSTM) and Open Web Application Security Project (OWASP) Testing Guide.
We ensure risk is adequately quantified for your business and provide a detailed, but easily digestible, report on any potential vulnerabilities found. We also provide you with operationally-focused technical recommendations to assist you with remediation.
Web Application Penetration Testing
Our experienced pentesters will test your website(s) for common web application security vulnerabilities. Testing starts from an unauthenticated perspective, in that the attacker does not have valid credentials, then continues to authenticated testing, using credentials to try access resources not permitted by the users role.
External Penetration Testing
Bastion security pentesters will review your presence on the internet and your susceptibility to being compromised. We will be looking to see if your patches are up to date, if there are any misconfigurations that could be exploited, or if access to your administrative interfaces can be gained. Testing will include unauthenticated enumeration from the public internet and can start from a provided known perimeter or assume no knowledge.
An external penetration test differs in scope to a red teaming exercise in that no correspondence is entered into with staff members (i.e., malicious phishing emails are not sent).
A vulnerability assessment is light-touch review to identify exploitable systems, but unlike a penetration test, we will not take the extra step of verifying the exploitability of any identified vulnerabilities. This engagement involves an external scan of your systems to identify any known vulnerabilities in the underlying infrastructure, operating system, or application hosting servers, and our report will include any relevant remediation actions.
Internal Penetration Testing
Our experienced consultants can test the limits of your network to identify any risks or vulnerabilities for you to address. Typically, these engagements involve our consultants being provided with a connection to the corporate network, without any additional knowledge of the environment. Their goal is to infiltrate the network and meet the defined objectives which often includes obtaining administrative permissions. Some of our internal penetration testing options include:
- Corporate internal network: Some clients provide us with a specific target, such as an executive’s email inbox, or a financial database
- Network segregation testing: Scanning defined zones to verify the effectiveness of the segregating controls between them, to ensure only the expected level of communication is allowed, and attacker lateral movement is prevented
- Wi-Fi: (guest, mobile, BYOD and corporate) for weak or absent: passwords, authentication or network-separation controls
OT/SCADA Network Penetration Test
We work with a wide range of companies running Operational Technology (OT) or Supervisory Control and Data Acquisition (SCADA) networks. We have extensive experience testing these systems and understand the critically of them, how delicately you must tread when assessing them, and the significance of any potential compromise. We aim to ensure any potential business impact is minimised, and as such can work around your requirements, including scheduling testing outside of business hours to suit maintenance or outage windows.
Our red team engagements will test your people, systems and buildings for security weaknesses. Our skilful consultants will act as an attacker would, potentially engaging with/social engineering your staff to try gain access. This engagement will test your organisation’s operational security response to a real-life intrusion as only a few key staff will be aware that testing is being conducted.
A purple team engagement comprises both attack and defence. Typically, our consultants (the red team) attack your local network, while communicating directly with your Security Operations Centre (blue team), who can then determine what your monitoring tools are identifying, and learn in a live scenario thus improving their monitoring capability. We can couple this exercise with AD exploitation training to give your SOC hands-on experience with the tools and techniques used to compromise a Windows domain.
Social Engineering & Phishing
Social engineering is the use of deception to manipulate individuals into sharing confidential or personal information for malicious reasons, and phishing is a common attack vector for achieving this. In a phishing engagement, our expert consultants will run a sanctioned phishing simulation campaign with the goal of enticing your staff to enter their credentials. Once captured, statistics are collated, and a report generated for the management team.
We recommend regular phishing simulations, as a continual cycle of planning, education, assessment, measurement and reinforcement is recognised by the industry as the most effective way to increase awareness.
Denial of Service (DoS) Testing
We can conduct DoS testing against your web applications, network services or entire internet connection. The goal of the engagement is to quantify the impact of a DoS attack, test any DoS mitigation services you might be paying for, and confirm your plans and processes work as expected. The results of these simulations should feed into, and improve, your incident response plan.
Our expert consultants can review your systems for common misconfigurations, potential vulnerabilities or security control weaknesses and to ensure your configuration meets industry recommended good practice. We can review:
- Active Directory Configuration
- Database Configuration
- Firewall Rule Base
- Gallagher Server Configuration
- Host Configuration
- Network Device Configuration Review (Switch, Router, firewall)
- Solution Design/Architecture
- VPN Security
Source Code Review
The code for your application is reviewed first using automated tools, then manually by one of our consultants to identify common coding issues, the presence of backdoors (malicious or otherwise) and security flaws. We have experience in a wide range of programming languages.
Application Penetration Tests
Bastion’s skilled pentesters can test a range of applications to identify any vulnerabilities, insecure storage, or weaknesses in your authentication, configuration, implementation, or data flows. We can help you with:
- API Penetration Testing
- Kiosk Penetration Testing (physical and software components)
- Mobile Application Security Review (Android and iOS)
- Password Auditing (hash cracking)
- Thick Client Penetration Testing
Artificial Intelligence (AI) Penetration Test
Our AI pentesting service specialises in uncovering vulnerabilities unique to AI implementations. Our team employs advanced techniques to assess attack vectors, Large Language Model (LLM) vulnerabilities, and risks to data integrity and confidentiality.
We also offer specialist testing that focuses on practical, real-world attacks used by criminals. We use our traditional red teaming knowledge to attempt side-channel attacks that completely bypass these systems where possible. This will give you a deeper understanding of the exact security your system provides, and our detailed recommendations will help you mitigate, or plan for, any issues arising from testing. We do:
- Biometric Testing (facial & voice recognition, including liveness)
- Hardware Hacking (firmware reverse engineering, serial interface access, power glitching)
- Radio Spectrum/Wireless Testing (3G, Bluetooth, Zigbee, GSM, GPS): we have a wide range of software defined radios (SDRs) which can emulate full duplex radio signals from 10Mhz to 6Ghz