Penetration Testing

Building integrity and security with a trusted third party
Since penetration testing was first developed as a defensive security tactic in the 1970s, the basic principle hasn’t changed: the best way to figure out your weak spots is to try to break things in any way you can. Penetration testing simply means a proactive attempt to exploit vulnerabilities in target networks and software at varying degrees of intensity.

By opening your assets up to penetration tests, you can find the holes before the hackers do, protecting not just the integrity of your systems and data, but your reputation. For software vendors and hosting services, rigorous active testing is key to a solid trust model. Across many industry sectors, regular penetration tests by independent third parties are becoming a critical component of regulatory compliance.

Though penetration testing has become a professionalized, standardized suite of services, provider selection still makes all the difference. These tests bring risks and potential real-world exposure, so you can’t simply test with the same team who built the tools. A worthwhile penetration test needs a third party who knows how to think like an attacker and whom you can trust with your most sensitive data.

Penetration tests can take place against:

  • Network and IT infrastructure
  • Wireless networks
  • Web and mobile applications

Benefits of Penetration Testing

  • Avoid downtime due to breaches
  • Test new technologies before deploying them in live environments
  • Find exploitable vulnerabilities in the application network and infrastructure supply chain
  • Protect sensitive data by analyzing and mitigating risks to the confidentiality, integrity, and availability of systems
  • Enhance the security lifecycle

| Test type | What happens | Introduced risk | Benefits |
| --- | --- | --- | --- |
| White Box | Testing with full access to the system and network granted by the client, along with a map of the network. Every control in the environment is tested. The tester can do anything a system administrator can do. | High | A deep, thorough test of the system to proactively harden against even internal threats. Can also save time over other methods. |
| Grey Box | Tester is provided with minimal information, e.g. unprivileged login credentials or VPN access. | Medium | Knowledge of risks and potential damage with minimal privilege introduced. |
| Black Box | Testing from the external hacker’s view, without the benefit of any inside information or access. The hacker must rely purely on their own knowledge and information-gathering skills. | Low | Assessment of realistic existing external threats from actors with no specific knowledge. |

Think Like an Intruder Thinks

To find the vulnerabilities in an application or network, you need to do more than read the security reports—you need to put yourself in the same mindset as an intruder. At ADGA, we bring unparalleled experience in offensive security, recruiting heavily from intelligence and military backgrounds. Our staff work with methodologies informed by their cyber threat intelligence experience, and intimate knowledge of the broader threat landscape. To put it simply: we know how attackers think because we’ve been in their shoes.

It Takes Trust to Build Trust

It asks a lot of an organization to open its network up to invasive external forces. With our 25+ years of operating in highly sensitive contexts in cyber security, governance, and enterprise risk management, you and your assets are in the safest hands. As we are routinely entrusted with access to classified national security systems, the majority of our employees enjoy security clearance at the very highest levels. We apply the same care to all of our engagements.

A Nimble Model

ADGA represents a more nimble model than traditional providers. Being a mid-sized company, we are able to offer competitive pricing along with a more personalized suite of services, without compromising on the quality of the end result. With increasing commodification and standardization of services on an industry-wide level, you can of course expect lower costs and consistency. We back this up with a people-first approach that delivers truly relevant results and customer satisfaction.

What Can I Do When I Know My Threats?

Though ADGA operates and reports its penetration tests based on the Canadian government’s implementation of the PTES standard, we pride ourselves on delivering more than cookie-cutter results. With a level of customization and client focus that is rare in the sector, we provide detailed and clearly itemized observations, as well as mitigation strategies for everything we uncover. We understand the industry-specific impacts of particular vulnerabilities, and our mission is to help you understand not just the risks, but the real-world consequences as they apply to your business.

ISO 9001:2015 – Quality Management Systems – certified
ISO 27001:2013 – Information Security Management – certified