Is your business at risk? DO YOU NEED TO KNOW?






Full text


Is your business at risk?


Disclosure of confidential information

Disclosure of sensitive data can result in loss or damage, such as identity theft, lawsuits, loss of business, or regulatory fines.

The need to protect access to credit card information, medical records and sensitive data such as your customer's username and passwords is critical in order to maintain

customer confidence. Failure to secure this data can lead to unnecessary and costly financial consequences.

Brand and Intellectual Property are

organizations important assets. This includes the company's knowledge, ideas and identity. Any loss in this area will destroy your competitive advantage, your reputation and your position in the market place.

Prevent financial loss through fraud

Cybercrime is one of the fastest-growing criminal activities on the planet and as a result businesses are loosing billions of pounds every year.

Cybercrime covers a huge range of illegal activity including financial scams, computer hacking, downloading pornographic images from the internet, virus attacks, stalking by e-mail and creating websites that promote racial hatred.

Client-side attacks

Another growing security issue, typically

from an external source, is an attack on targeted users from your internal user base.

Too often organizations focus on

server/perimeter protection which is not relevant to this threat leaving the user

community wide open. In reality this is a threat to the desktop and if not treated in isolation can remain the 'weakest link'. Neglect can have enormous financial consequences.

Business continuity

Organizations need to ensure that their critical business functions will be available internally and externally to their customers, suppliers, regulators, and other entities that must have access to those resources and functions. A breach in data availability can have huge consequences in the running of the business which in turn can lead to internal disruption and chaos, reduction in customer confidence and therefore retention, lack of trust and loss of revenue.

Do you need Penetration Testing?


Evaluate your IT security investment

A snapshot of the current security posture and an opportunity to identify potential breach points. The penetration test will provide you with an independent view of the effectiveness of your existing security processes in place, ensuring that patching and configuration management practices have been followed correctly.

This is an ideal opportunity to review the efficiency of the current security investment. What is working, what is not working and what needs to be improved.

Protects clients, partners and third parties

Increases clients, partners and third parties confidence in the knowledge that you are taking a professional approach by taking the necessary measures to maintain the security of your environment.

This will lead to maintaining existing business, attracting additional and new business and subsequently increase revenue and profit.

Reducing risk to the business

A penetration test will show the vulnerabilities in the targeted systems and the risks to the business. Based on an approved approach each of the risks is then evaluated. This forms the basis for a detailed report classifying the risks as either High-Medium-Low.

The categorization of the risk will allow you to tackle the highest risks first, maximising your resources and rapidly reducing the impact of the risk to the business.

The Value of Penetration Testing Services



Pride in the excellence of our work

Established reputation with a strong customer base of large corporates A structured approach built on proven

methodologies including CREST, OWASP and OSSTM

Ability to assist companies early in the development lifecycle to create secure applications

Trend analysis tracking progress across multiple tests for the same client using this data to assist in improving processes which might be flawed

A history of building strong working partnerships with our clients

We care A business built on the delivery of penetration

testing and security services

A proven combination of commercially tools and bespoke custom tools to assess the security posture effectively

Experience in multiple sectors and therefore ability to quantify risk in context not just as a metric

Output includes thorough reports with

recommendation for an effective way forward to ensure maximum benefit back to the business

A CREST certified team which follows and maintains strict code of ethics

Developing trust is important as we move forward together


Case Study

Power station protection secured

The challenge

SECFORCE was selected by a power station based in the UK to provide a security health check of their internal corporate network. The power company was confident that all the regulations and security best practices had been followed, especially as the power plant operated a tight critical infrastructure. The client

confirmed that the internal network and their SCADA (supervisory control and data

acquisition) systems were not interconnected and therefore it should not be possible to reach their most critical systems.

SECFORCE results

By using a structured approach the SECFORCE team, with no privileges, connected to the internal network. SECFORCE then identified a web application vulnerable to a number of attacks which could allow an anonymous attacker to fully compromise the back-end database. It was later discovered that the same database server was also used by the SCADA systems to log information, which could then be readily available for internal corporate users to access.

A misconfiguration in the firewall separating both networks allowed access from the compromised database server to the SCADA network. It was identified that it was possible to access all the control panels and potentially manipulate all the settings in the power plant. SECFORCE on completion of the penetration test provided a findings report together with

recommendations which was then presented both to business and technical management. Effective mitigating actions were implemented at which point SECFORCE carried out a re-test to ensure the critical infrastructure was totally secured.



Suite 11, Beaufort Court Admirals Way

E14 9XL London

TEL +44 (0) 845 056 8694

SECFORCE is a leading penetration testing company

working with key organizations to protect their business

infrastructure from internal and external attacks

Services delivered on-site and off-site as required


Palazzo Towers W, Montecasino William Nicol Dr, Johannesburg Fourways, Gauteng, 2000 TEL +27 (0) 11 5100 161