Penetration testing services

The best way to understand how hackers could exploit vulnerabilities in your IT systems is to mimic their methods.

Informer's tailored approach finds the weak spots, shares in-depth findings on the risks you face and how to fix them.

Infrastructure penetration testing

Understand how hackers exploit vulnerabilities in your IT systems with an Informer pen test that mimics their methods.

Our tailored approach finds your weak spots and tackles your major security concerns. Giving you in-depth findings on the risks you face and how to fix them.

We recommend at least an annual review, or when multiple system changes could have introduced risks.

Internal perspective testing

Onsite penetration tests involve a detailed look for vulnerabilities within your network/s

  • Gauge the security of your IT systems not connected to the internet
  • Focus on the data you’re concerned about most - such as customer records or employee payroll information
  • We’ll connect to your LAN and try to gain unauthorized access, then brief you on the steps we took to get there

External perspective testing

Working remotely our expert pen testers assess the security of your assets to external cyber attacks

  • Flags up weaknesses in internet-facing IT systems:
  • Routers
  • Email and web servers
  • Hosted e-commerce sites
  • Firewall
  • VPN endpoints
  • Discover risks in services you didn’t know you had
Get started

Web application security testing

Discover ways attackers could defraud you by going beyond finding SQL injection and cross-site scripting, with logic testing from Informer.

The risks to your web app

A combination of exploited low-risk vulnerabilities could result in the complete compromise of your application/s.
Risks include:

  • SQL injection
  • Broken authentication
  • Sensitive data exposure
  • XML external entities
  • Broken access control
  • Cross-site scripting
  • Insecure deserialization
  • Using components with known vulnerabilities
  • Insufficient logging and monitoring

Our web app testing method

We don’t just test the OWASP top ten; we go way beyond that. 

Looking for and discovering exploitable vulnerabilities that could:

  • Gain access to your restricted data
  • Modify the content of your website/s
  • Sensitive data exposure
  • Gain additional system information and user privileges
Get started

Mobile application security testing

When it comes to mobile app testing, Informer assesses the functionality of your application/s. We look at how your apps interact with both the mobile devices and the remote web services it needs to retrieve data.

The risks to your mobile app

The most common vulnerabilities found in mobile apps are tested for, in-line with OWASP’s mobile risks:

  • Sensitive data leaks
  • Hard-coded passwords/keys
  • Client-side injection
  • Lack of binary detection
  • Insecure transmission of data
  • Insecure data storage
  • Poor authentication and authorization
  • Improper session handling

Our mobile app testing method

With in-depth knowledge and understanding of iOS and Android native mobile app security, we look for:

  • Security issues associated with data privacy
  • Communications between the app and the web servers
  • Any vulnerabilities in the actual web services that could lead to unauthorized access to sensitive information.
Get started

Wireless penetration testing

We dive into the minds of malicious hackers and test your wireless security with the same methods they use. Getting to the heart of vulnerabilities and rogue access points that could open your network to the outside world.

Access Point Enumeration

Our goal is to enter your trusted network via your access points. Giving you a full picture of:

  • Where your vulnerabilities lie
  • If they leak any valuable information for us to exploit in our simulated attack
  • How you can fix them

Vulnerability Exploitation

Having discovered viable attack vectors for your vulnerabilities, we:

  • Gain unauthorized access to your systems
  • Focus attacks against connected wireless clients
  • Brute force wireless keys and decrypt of wireless traffic
  • Attempts to gain access to your internal assets, such as segregated guest networks
Get started

You might also be interested in...

Shodan: The Search Engine for Hackers

Shodan is not your average search engine and has become a tool used by hackers to find internet-connected devices and more.

Read article >

Understanding Cross-Site Scripting: How to prevent an XSS attack

Learn why it's important to take a multi-layered approach to help prevent XSS attacks.

Read article >

5 Tips to scale your cyber security

Learn how to adapt your cyber security program as your business and online environments grow.

Read article >

Our other services

Penetration Testing

The best way to understand how hackers could exploit vulnerabilities in your IT systems is to mimic their methods.

Informer's tailored approach finds the weak spots, shares in-depth findings on the risks you face and how to fix them.

Find out more

Intelligence Services

Attackers spend considerable time and effort getting to know their target.

Often known as “reconnaissance” or “profiling”, this period is the precursor to an active attack and increases its chances of success.

Find out more

In Depth Technical Reviews

Our in-depth assessments strengthen those networks and hosts that need the highest level of resilience.

We carry out hands-on audits of your technical configuration, going beyond the level of penetration testing.

Find out more