Penetration Testing

You never really know how secure your organisation is before it is hit by a cyber-attack. That’s why regulators and clients often require vulnerability and penetration testing to mitigate the risk of hacks, ransomware and other exploits.

Our highly experienced team includes ex-military intelligence experts who will look at everything from your architecture to your engineering to your staff to find and exploit key vulnerabilities, mitigating risk while preparing you for the worst.

Our approach

Our approach is flexible and tailored to your risk profile, regulatory requirements and budget so you always have the level of protection you need.

6point6 is a CREST and CHECK certified pen test provider and we have been certified against ISO20071,9001 and PCI DSS. Our penetration testing consultants hold high-level technical certifications from SANS, CHECK, Tiger scheme and Offensive Security, giving you complete peace of mind.

Get a quote

Capabilities that scale

Penetration Testing

We conduct a comprehensive penetration test of your network, mobile and web applications, APIs and key infrastructure to proactively expose cyber threats. Using the best and most widely recognised guidelines and standards from organisations such as OWASP and NIST, our team will discover what information they can retrieve or exploit, generating a complete risk report with recommended actions and remediation plan.

Code reviews

Using our vast experience, our team will dive into the code behind your service applications to see if there are any security issues or vulnerabilities that may expose your organisation to attacks.

Red teaming

Our “red team” aims to simulate a real-world attack to gain access to your critical assets and data across your whole organisation. Rather than searching for every single vulnerability, red teaming aims to uncover key exploits, identify optimal security configurations and prepare your Security Operation Centre (SOC) for the real thing.

Social engineering

One of the biggest security vulnerabilities of any organisation is its people. We use social engineering to test the security awareness and preparedness of your staff, using things like phishing emails and fake landing pages to attempt to gain login information from your staff. Thorough training will ensure staff are vigilant against future threats.

Configuration reviews

With a thorough review of your end-user devices, cloud configurations, servers, VPNs, firewalls or active directory, we can assess the security configuration of your assets to ensure that they can’t be used as a vector to attack your organisation.

Purple teaming

Purple teaming draws on expertise from both our red and blue teams. While our red team programmatically executes a series of clearly telegraphed attacks on your networks, our blue team will work with your internal security team to show how these different types of attacks can be identified and shut down. This hands-on approach provides excellent training as well as allowing us to properly assess and advise on the most effective configuration of your incident response/management systems.