Physical Penetration Testing
Understand the true strength and effectiveness of physical security controls in data centers, offices, substations, critical infrastructure and more
The primary objective for a physical penetration test is to measure the strength of existing physical security controls and uncover their weaknesses before they are able to be discovered and exploited. Physical penetration testing, or physical intrusion testing, will reveal real-world opportunities for malicious insiders and outsiders to be able to compromise physical barriers (ie: locks, sensors, cameras, mantraps) in such a way that allows for unauthorised physical access to sensitive areas leading up to data breaches and system/network compromise.
This type of test is an attack simulation carried out by our highly trained security consultants in an effort to:
- Identify physical security control flaws present in the environment
- Understand the level of real-world risk for your organisation
- Help address and fix identified physical security flaws
- AGG's physical penetration testers have experience infiltrating some of the most secure environments the same way criminal elements would. They have gained this experience having operated within the UK Special Forces and leverage this experience to zero in on critical issues and provide actionable remediation guidance.
Many organisations expend significant resources in the defence of their facilities without ever testing the controls they put in place. Physical security vulnerabilities can expose your organisation’s most precious resources to catastrophic risk, and are therefore deserving of evaluation in their own right. This assessment attempts to find and exploit gaps and vulnerabilities that may jeopardise the effectiveness of the whole security program.
Who Needs This Service?
Organisations that hold valuable assets in their facilities should test whether physical security controls actually prevent unauthorised access. Attackers able to exploit gaps in these controls may be able to steal sensitive data, damage property, gain access to information systems, and perform other malicious activities.
AGG's web application penetration testing service utilises a comprehensive, risk-based approach to manually identify critical application-centric vulnerabilities that exist on all in-scope applications.
- Information Gathering
- Threat Modelling
- Vulnerability Analysis
Using this industry-standard approach, AGG’s comprehensive method involves a proprietary approach developed through the years that includes, but not limited to: Passive Reconnaissance, Open Source Intelligence (OSINT), Active Reconnaissance (drones, onsite covert observation), Vulnerability Identification, Exploitation, Post-Exploitation and more…
In order to perform a comprehensive real-world assessment, AGG utilises commercial tools, internally developed tools and the same tools that bad actor might use on each and every assessment. Once again, our intent is to assess systems by simulating a real-world attack and we leverage the many tools at our disposal to effectively carry out that task.
We consider the reporting phase to mark the beginning of our relationship. AGG strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverable. We provide clients with an online remediation knowledge base, dedicated remediation staff and ticketing system to close the ever important gap in the remediation process following the reporting phase.
We exist to not only find vulnerabilities, but also to fix them.
Remediation & Re-testing
Simply put, our objective is to help fix vulnerabilities, not just find them. As a result, remediation re-testing is always provided at no additional cost.