Infrastructure Penetration Testing

Protect your digital assets: ensure your organisation’s defences are effective.

Partner with us knowing we have performed 1000's of engagements and built our expertise over two decades. Our team is local, accredited and has deep expertise in all pen testing services.


How we can assist:

Infrastructure Security Assessment

External Infrastructure Penetration Test

Internal Infrastructure Penetration Test

Frequently Asked Questions

Infrastructure Security Assessment

Whether it’s hosted in the cloud, internally, or externally, we have multiple scenarios to simulate an attacker who might attempt to breach your network.

Tesserent technical assurance & testing services infrastructure assessments will assist your organisation in identifying exploitable vulnerabilities that may be found in your network.

Whether you are looking to meet compliance requirements such as PCI or ISO27001 or want to have a better understanding of your current attack surface, Tesserent security experts can assist you to ensure you not only meet those requirements, but will validate that your current defence posture holds up against a cyber-attack.


External Infrastructure Penetration Test

Tesserent External Infrastructure methodology uses both manual and automated testing of your organisation’s public facing infrastructure (for example websites and email servers) to determine if an external attacker can breach your perimeter.

External penetration testing will allow your organisation to validate how your current cybersecurity solutions hold up against an external attack.

What you gain from External Penetration Testing:

  • Visibility as to how a remote attacker could compromise your public-facing systems.
  • Insight into how to prioritise your security spend, based on actual risks.
  • Understanding as to how an attack might occur, providing an opportunity to formulate an incident response plan that is relative to your likely risks.
  • Uplifting of the security capabilities of your IT team through our recommended remediation.
  • Confidence that you are closer to achieving your business’s compliance and regulation requirements.

Internal Infrastructure Penetration Test

The Tesserent approach to internal infrastructure penetration testing is to simulate an internal attacker, potentially an employee or contractor, who has access to your internal network.

This is done by exploiting vulnerabilities and finding the attack path that a potential internal threat actor could utilise to gain access to sensitive data.

Your organisation’s internal network, (file servers, workstations, etc.), is exposed to threats from:

  • External intruders, after breaching perimeter defences,
  • Malicious insiders attempting to access or damage sensitive information or IT resources and
  • Accidental errors from staff.

Organisations are encouraged to test the internal network at least as frequently as they do the external perimeter.

The Tesserent report generated as the output of this work is designed for both executive/board level and technical staff.

What do you gain from Internal Penetration Testing?

  • An understanding of how an internal attacker could compromise your internal network.
  • You gain real insight into the potential damage and business risk an attacker could inflict.
  • A comprehensive report outlining the security exposures of your internal network, including high impact recommendations and root causes.
  • An action plan detailing how to resolve issues.
  • Enhanced protection of your business intelligence, data and IT systems, brand and reputation.

Frequently Asked Questions

What should I look for when choosing a Penetration Tester?

Find a company you trust

Trust is fundamental. You will be allowing this company to access your systems, customer data and sensitive company intelligence. In effect, you’ll be permitting access into the inner workings of your organisation’s operations. Be sure that they can be trusted with your data and they have a proven track record. When was the company established and how many penetration tests they have performed for large security focused organisations? Ask if they have worked with clients in your industry sector and can provide references.

Can they meet my brief, or help me define it?

To get the best value for your IT security investment, you need to know exactly where you need help, why and what you want security tested. As the saying goes, the better the brief the better the job, so clearly define your objectives and outcomes from the start.

Are they able to answer my questions?

Ask questions about the testing methodology. What defined procedures and tools does the company use? How do they protect your business and data during the testing? How do they remove false positives? How many classes of testings are performed? How are complex multi-stage attacks covered?

Is the testing out-sourced, sub-contracted or in-house?

Remember that a company does not conduct a penetration test, people do. No matter which company you go with, it always comes down to the person or the team you have working on your business. Find out who exactly will be conducting the testing, is it outsourced, sub-contracted or in-house? Ask to see their credentials and interview them by phone, Zoom or in person. Finally, ask if you can be provided with interesting findings as they occur throughout the testing.

Can they show you a typical report?

Up front, ask the company exactly what you will receive at the end of the penetration test. Ask to see what a real-world deliverable looks like. A quality report should detail the key findings and provide solid remediation advice, in priority order, to address every issue found. In short, the final report should be a valuable tool with a clearly defined action plan on the best ways to remediate vulnerabilities. Quality reports also detail how to re-test each vulnerability once the identified flaws have been fixed.

Where are your pen tester’s based?

Almost all our assurance team is based in Australia and New Zealand. We do have some staff that work internationally, often because they have relocated for personal reasons but want to keep working with us. All our staff have gone through rigorous security checks.

Are you CREST certified?

Yes, we are proudly CREST ANZ certified.

How do we scope and price a Penetration Test?

Each engagement is unique and tailored to your environment, and the agreed scope of works for testing. A penetration test is largely priced based on the estimated number of days required to complete the engagement.

We have conducted tens of thousands of penetration tests over the last two decades. We start by listening.

What’s your methodology for Penetration Testing (external)?

Tesserent has extensive experience with complex architecture designs gained through years of experience working with clients of all sizes, industries and structures. As we are watching threat activity on a daily basis, we’re is constantly learning about the latest attack techniques, exploits and security flaws. Our methodology covers:

    • Reconnaissance – we’ll perform information gathering before any simulated attacks are actioned.
    • Vulnerability Detection – Tesserent will perform vulnerability detection to discover flaws in systems, networks and applications which can then be leveraged by the consultant.
    • Exploitation – we’ll try to actively exploit security weaknesses identified in the vulnerability detection phase. To achieve this Tesserent may use publicly available, in-house developed or commercially available exploit kits.
    • Privilege Escalation – After a target has been successfully compromised, Tesserent will try to gain a further foothold within the organization, this may involve gaining higher privileges in the system or potentially gaining access to other systems on the internal network. The end goal is to gain complete control of the network.
    • Data Exfiltration – Based on the scope of the project, Tesserent may be required to perform data extraction. To achieve this the consultant will use a set of tools and techniques in order to extract specific data from the organisation’s network.
    • Reporting and Delivery – We’ll document, in priority order, the issues identified, along with recommendations for every issue identified. These are presented in a clear and meaningful way for both a technical and a business audience.
Contact us

Speak with a Tesserent
Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.

Let's Talk
Tess head 1 min 2