To steal or somehow modify information is probably the primary goal of the hacker. There are also instances of hooliganism, but they are less common. A professional hacker will probably have a goal other than destruction. Sometimes, he will break in to one network only to use it as a base from which to attack his next target, but sooner or later he will want something. A hacker can do a range of things, from pranks such as changing the look of your screen to more serious breaches such as stealing your passwords or other sensitive information such as customer data or trade secrets.

Most hacker attacks go unnoticed, many times because no one is looking. Most computers have logs, but for the hacker, covering tracks by deleting entries from a log file is pretty easy. Another way to cover tracks is to “hijack” intermediary systems for all communication with the target computer so locating the hacker through an IP address will be much more difficult. Software may be also be used to hide hacking tracks. Once the intruder has sufficient privileges on a computer, they can do pretty much whatever they want. For example, they can modify the operating system in ways that are practically impossible to detect.

Your most serious risk is often from the inside – from a problem employee, from someone who has been let go but has not yet left the company, or from a person motivated to steal proprietary information to sell to competitors. During many internal assessments, Pure Hacking has discovered significant exposures that could lead to disruption or complete outages for many businesses. A Pure Hacking On Site Penetration Test lets you know where you stand when it comes to internal IT security.

Yes. This confirms what your business partners can see about you.

Absolutely not. First and foremost, the penetration tester must be entirely trustworthy. While testing the security of a client's systems, our team members may discover information that must remain confidential. If confidential information was released, this may lead to loss of corporate reputation, and ultimately financial loss. Pure Hacking does not use ex-hackers to review the security of a clients system as trust is of paramount importance. We require our testers to have a minimum of 5 years experience in the IT security field and appropriate academic qualifications.

A penetration test is a controlled security review conducted by an independent security professional who attempts to break into a client’s computer system. A penetration tester employs the same tools and techniques as real intruders but does not damage the systems or attempt to steal information. A penetration tester then reports on the vulnerabilities that were found and the ways that they can be fixed.

If you answer “yes” to any of the following questions, you need to consider a penetration test.

• Will I suffer a financial loss if my systems are compromised?
• Will my organization lose public confidence if my systems are seen to be vulnerable to attack through Web site defacements or unavailability?
• If my system is compromised and used to attack somebody else's system, will I be legally liable?

Yes. This is referred to as an “internal hack” and usually represents the most damaging hacking engagement.

It varies and depends on the complexity of your systems, but most of our clients would check their systems with a penetration test at least once a year.

Pure Hacking will perform a penetration test at any time that is convenient to you. There is no additional cost if the hack is performed outside of normal business hours.

Every effort is made to minimize the risk to your systems, but in some cases you may notice extra logging activity and your intrusion detection systems may be alerted.

An engagement can last anything from 1 day to 300 days depending on your security challenge. To cover the full range of threats, most clients usually request an external and an internal hack. An external hack is performed from our hacking lab, while an internal hack will be performed from within your premises.

We use the same tools and techniques as are used by criminal hackers, and we keep up to date with the current vulnerabilities in your software. We are usually able to find the things that will make your system vulnerable to attack and can help you close these holes well before your systems are attacked. This method is effective because it shows you your real threats.

Clients engage Pure Hacking on a daily rate, inclusive of all tools and insurances. The engagement is scoped using tools and conversations with the client. These conversations determine the business objectives of the testing and the ultimate duration. No systems or business objectives are identical as each engagement is customised to the clients needs. When the systems are important, our clients call Pure Hacking because they need to know if they are safe.

Except for web application penetration tests which tend to take 3 days, a test account is not mandatory for all of our penetration tests. However, testing with a test account is significantly quicker and therefore more cost effective.

On average it takes three days to conduct a web application penetration test.

There are literally thousands of automated tests; however, automated testing comprises only one third of the engagement. The remaining two thirds is manual testing, using human ingenuity to find ways to circumvent the controls you’ve put in place. You need to know if your controls can be compromised. Pure Hacking also applies the OWASP ASVS and WASC standards to our testing.

Pure Hacking is a registered auditor and contributor for the Open Source Security Testing Methodology Manual (OSSTMM) and perform tests according to the Open Web Application Security Project and Application Security Verification Standard (OWASP ASVS) and Web Application Security Consortium (WASC) assessments. Customised testing is also frequently performed.

Our PureScan managed service assesses up to twenty live machines in a day. The results come back for these machines and we see if there is a way to gain access, bypassing the controls you have in place.

Even if you don’t make changes, the Internet is continually coming out with new ways to compromise your business. Our PureScan service keeps on top of the changes.

This is primarily a service. PureScan scan your machines daily, and then manually check the results. PureWeb is a monthly service If a new method of compromising your systems is discovered, we’ll manually check your systems to see if you have an issue. Alternatively, PureWAF is used predominantly for analysing security status.

They either don’t have the skills, or they don’t have the time to implement this important service. However they want to be confident that they are across new security threats that appear on a daily basis and tend to want to rely on security specialist rather than a service for monitoring their systems.