Penetration Testing

What is Penetration Testing?

Penetration testing is hacking with permission, or "ethical hacking," with the obvious goal being for you to hack yourself before someone else hacks you.

NESECO are leaders in Internet Security!

The best way to guarantee the security of your systems is to take on a specialist trusted partner that makes it their core business to stay ahead of the criminal hacking community. A penetration test is a proven method of evaluating the security of your computing networks, applications and infrastructure by simulating a malicious attacks.

At NESECO we have built our penetration testing team with some of the best security professionals in the industry. Our testers are considered world class and are well known for their raw technical skills. Since starting in 2010, we have completed hundreds of penetration tests and have fine-tuned our testing methodologies. It is this methodology that keeps our clients coming back.

We take on the role of trusted advisor with our clients, rather than a set and forget approach to IT security. It is one thing to perform a penetration test, but it takes years of experience and a firm business level understanding to provide quality advice. All our testers are trained to identify actual business risk and we value our approach to helping clients stay ahead of the curve in regards to their security posture. Our aim is to work with you and your team to identify the IT security risks you face today and in the future.

Penetration Testing Methodology   

NESECO has a rigorous penetration testing methodology that covers both infrastructure and application testing scenarios. Although we customize each engagement to our client’s needs, we follow the same proven methodology so as to maintain a consistent and reproducible set of results.

NESECO’s infrastructure testing methodology is based around six core phases:


NESECO has a specific methodology associated with web application assessments. This methodology encompasses six additional phases of assessment and is aligned with the Open Web Application Security Project (OWASP).


An infrastructure penetration test is a proven method of evaluating the security of your computing networks, infrastructure and application weaknesses by simulating a malicious attack.  Our infrastructure penetration testing services include:

Internal Penetration Testing

NESECO initially performs stealthy attacks designed to enumerate the systems and devices within the network. This includes using valid requests to strip sensitive information out of Windows systems such as lists of valid usernames and cracking weak passwords. These systems are then fingerprinted to identify security weaknesses in order to identify any “low hanging fruit”.

Attacks against the highest value targets with the most likely success rate are then designed and executed in order to compromise systems and devices throughout the environment. These attacks range from exploiting vulnerable machines, to capturing authentication credentials from network traffic, or hacking into database providing an interface through to the underlying operating system.

External Penetration Testing

This assessment begins with a process of data collection and network reconnaissance to learn as much as possible about the network topology and its hosts. Next is the enumeration phase, in which each component of the network is analyzed to extract details about its operating system, service types, protocols supported, and configuration parameters.

From this point, several paths exist to system or data compromise. Exploiting known or suspected software vulnerabilities, manually discovering a configuration flaw in the service, or identifying a weak password will result in a successful penetration.

Wireless Penetration Testing

Wireless penetration testing begins with limited knowledge and no credentials provided and is designed to simulate a real-world attack on your wireless networks. While this practical exercise is not designed to test the effectiveness of each implemented control individually, you will learn what vulnerabilities exist and the overall information security risk the wireless infrastructure introduces to your IT environment.

If desired, testing can also be performed with provided user credentials to associate to the wireless network and determine if access controls to connected networks are sufficient and systems located on the wireless network are hardened. Similar to NESECO's other infrastructure penetration services, the process will start with reconnaissance, moving to enumeration, vulnerability identification, and lastly validation to eliminate false positives.

We ensure each client is provided with a comprehensive testing scope, which is agreed upon by both parties prior to the penetration test commencing.


Application Penetration Testing is an "ethical attack" intended to reveal the effectiveness of an application's security controls by highlighting risks posed by actual exploitable vulnerabilities. NESECO offers a number of application penetration testing services including:

Application Security Testing

NESECO's Application Security Tests use our proven process to ensure consistent quality, risk-based analysis. The testing process for application analysis includes a structured process of steps, each of which are meant to provide the tester with additional knowledge of the application structure and to conclusively identify the existence of a specific vulnerability, thereby eliminating false positives.

The process begins with resource and content enumeration, followed by a review of the application configuration and associated communication methods. Testing of user-accepted input sources is then performed, concluding with the testing of login forms and credentials and the examination of session processes used by the application.

This application security testing criterion is based on coverage of the classes of vulnerabilities identified in the CWE/SANS Top 25 Most Dangerous Software Errors.

Web Application/Service Penetration Testing

No matter which technique you choose to ensure the security of your web applications, whether it is penetration testing, secure code reviews, deploying a Web Application Firewall, or a combination of all three, you can be assured that NESECO will adopt its web application security verification methodology so that you completely understand the risks posed to your business.

We have developed a comprehensive Web Application Security Verification Methodology that covers:

  • Authorization: Access Control, Session Management, Authentication and Backdoors within code
  • Security Configuration: Security Architecture, Error Handling and Logging, Internal Security and Output Encoding
  • Data Protection: Communication Security, Cryptography, HTTP Security and Input Validation

For added security online, we also recommend a Secure Code Review and deploying a Managed Web Application Firewall.

Mobile Application Penetration Testing

Mobile applications are becoming more and more prevalent with Android and IOS smart phones dominating the market. Businesses are extending their IT services to mobile applications.  It is important to ensure that these applications do not open any new vulnerabilities to the business, such as leakage of confidential data outside the organisation.

NESECO's testing objective is to ensure that the application can only be used for its intended purpose and can’t be used to negatively affect the business.

Our methodology tests both the application and its backend services that it communicates with. NESECO does this by using combinations of the following techniques:

  • Intercepting mobile traffic and manipulating the data sent between the device and the business. This can be both binary or TCP based communication.
  • Reverse engineering the application to find additional functionality and security constraints that can be bypassed.
  • Analysing how the application stores and sends data.
  • Performing run time analysis and manipulation to bypass client side security controls.
  • Identifying if the application is securely coded and ensuring it can not be tampered with by other application on the device.


SCADA : Supervisory Control and Data Acquisition. A type of control system that can be used to monitor many different kinds of equipment in many different kinds of environments * In General Refers to an industrial control system (ICS).

Why perform SCADA Security Testing?

SCADA systems are increasingly becoming a target for focused attackers. In order to ensure that SCADA based systems are secured from external threats, self assessment and external independent testing should be preformed bi-annually.

NESECO has performed many assessments on SCADA networks and has in-depth experience in assisting clients integrating security controls into there SCADA environment.


SCADA Security Testing

NESECO conduct SCADA penetration testing techniques using proven approaches and methodologies. Our team of consultants have strong SCADA experience and have some of the most rigorous industry certifications.

Due to the criticality of the systems that are being tested, NESECO recommends a highly consultative approach to SCADA pen testing. During the scoping phases, NESECO looks to gain access to information about the systems being tested, and reviews this with the client to understand any perceived risks. Throughout the consultation phase, NESECO will identify which aspects of the environment should be tested and whether sampling is appropriate.

NESECO conduct controlled port and vulnerability scans, and then validates all output to identify which vulnerabilities could impact the environment. These techniques utilize both manual and automated approaches, and are highly respectful to the sensitivity and criticality of the systems that are being tested. NESECO continues by assessing the security configuration and management of the SCADA network environment, paying particular attention to user management, access control and application level security parameters.

SCADA Security Testing Methodology

SCADA Penetration Testing follows documented security testing methodologies which can include:

  • Port Scanning
  • System Fingerprinting
  • Services Probing
  • Exploit Research
  • Manual Vulnerability Testing and Verification
  • Manual Configuration Weakness Testing and Verification
  • Administrator Privileges Escalation Testing
  • Password Strength Testing
  • Network Equipment Security Controls Testing


Social engineering and phishing threats are two of the most challenging and damaging threats the Information Security Community faces.

Why Test Social Engineering?

For many organizations, employees are often overlooked as a potential threat to company security, not realizing that a skilled social engineering attack could compromise the entire organization. Even the best network and systems security will not prevent an attack directed at your employees. Malicious hackers can be extremely effective at coercing people to break their normal security procedures and divulge confidential information.

NESECO's Social Engineering Security Assessment reviews and evaluates user awareness of specific information security policies and procedures. The primary goals of this assessment are to:

  • Provide management with an understanding of the level of risk introduced by end users.
  • Provide recommendations and details to facilitate a cost-effective and targeted mitigation approach.
  • Create a basis for future decisions regarding information security strategy and resource allocation.

OnSite: Physical Social Engineering

For Physical Social Engineering, a variety of scenarios can be tested, from attempting unauthorized access at one or more locations to interacting with staff and testing documented IT policies. The process starts by defining the scenario to be tested, selecting the locations to be targeted and coordinating the actual test with the client.

For Portable Media Social Engineering, NESECO use a small piece of software that is installed on the device. Once a user plugs the device into their system, the software will automatically 'call home' and notify us who plugged in the device and a variety of other system details, often including local passwords used on the system. While this test will not impact the user's system, the same scenario is commonly used by attackers to compromise end-users.

NESECO's onsite social engineering techniques include:

  • Users are engaged in person to test specific information security policies.
  • Memory sticks, thumb drives, USB drives or other such devices are distributed anonymously and employees are tested to determine if they are used on company resources.

Remote: Phishing Social Engineering

For Email-based Social Engineering, NESECO requests the client provide a list of email addresses to be tested. A custom email will be crafted and sent using a spoofed source email address to each employee. The email message will encourage the user to perform a variety of non-secure activities such as clicking on a link or visiting an unauthorized website. The activity is recorded and presented. For an additional fee, the client can choose not to provide a list of email addresses and NESECO will find all email addresses publicly available.

For Telephone-based Social Engineering, NESECO requests the client provide names and telephone numbers of enough employees so that sample employees can be contacted and persuaded to compromise their password. We have found a limited number contacts are usually enough to gauge the effectiveness of training throughout the organization.

NESECO's  remote social engineering techniques include:

  • Email — Users are engaged remotely via email and tested if they will interact with untrusted links, websites, or requests. Sensitive information will also be requested.
  • Telephone — Users are engaged remotely via the telephone and are tested if they will disclose sensitive information such as their passwords.