Penetration Testing

Cyber Security Services Trusted by Global Companies


Penetration Testing and Vulnerability Scan Services

The threat of cyber-attacks has led to an increase in the proactive identification of potential vulnerabilities, which can be achieved through simulated and controlled security evaluations of technology solutions. Escrow London provides a comprehensive range of cyber-security services covering the identification and evaluation of potential vulnerabilities, root cause analysis and mitigation control. Our in-depth assessments help improve the organisational security posture and prioritise the implementation of security controls based on a simulated attack.

Penetration testing is the process of conducting a simulated attack on IT infrastructure to determine any weaknesses using the methodologies, techniques and tools that provide the best representation of what a real-world malicious attacker would do.


Escrow London’s process for application and network layer testing is closely aligned with OWASP (Open Web Application Security Project) guidelines and typically includes:

Guidelines For Application And Network Layer Testing

  • Enumeration of applications and underlying infrastructure
  • Map entry points and execution paths through the application
  • Network and infrastructure configuration
  • Test HTTP methods
  • Test SSL configuration
  • Identity management
    • Role definitions
    • Registration process
    • Account provisioning process
  • Authentication and authorisation testing
    • Credentials transport
    • Lockout mechanism
    • Bypassing authentication schema
    • Privilege escalation
  • Session management
    • Cookie attributes
    • Cross-Site Request Forgery (CSRF)
    • Timeout
  • Input Validation
    • Cross-Site Scripting (Stored and Reflected)
    • SQL / XML / command injection
    • Format string
    • Various buffer overflows
    • Error handling
  • Client Side
    • Resource manipulation
    • Cross-origin resource sharing
    • Local storage
  • Cryptography
    • Weak SSL/TLS ciphers
    • Sensitive info over unencrypted channels
  • User authentication
  • Data exposure
  • Rate limitation / resource management
  • Function level authorisation
  • Injection
  • Identifying and prioritising vulnerabilities on agreed IP addresses
  • Exploiting identified vulnerabilities to determine the risk level
  • Providing executive level reporting and actionable remediation strategies

Escrow London believes that any findings should be supported by clear evidence and explanations (attack narrative). This methodology allows clients to replicate the results if needed (proof-of-concept).

Definitions of Risk Ratings

Escrow London has adopted the Common Vulnerability Scoring System (CVSS) version 3, which is a vendor-independent industry standard. It is designed to assign vulnerability severity and help determine priority of response.

Please note, the results and their severity are reported from a technical exploitation perspective and may not reflect the overall business risk management within the organisation.

| Severity | Base Score Range | Examples |
|----------|------------------|----------|
| None | 0.0 | – |
| Low | 0.1-3.9 | Information can be obtained by hackers on configuration |
| Medium | 4.0-6.9 | Sensitive information can be obtained by hackers on configuration |
| High | 7.0-8.9 | Trojan horses, Remote command execution, File read exploit, directory browsing and Denial of Service (DoS) where command execution is possible |
| Critical | 9.0-10.0 | System is accessible by unauthorised users, default passwords |