Cyber security | Protect your business from new and emerging cyber threats

Penetration testing

Regardless of how much you invest in cyber security, your business will never be 100% protected from cyber threats. Even the smallest vulnerability can be exploited by cyber criminals, leaving your systems susceptible to compromise. Penetration testing enables us to proactively identify potential vulnerabilities within your systems implement the relevant patches and make informed recommendations to ensure maximum cyber security across your business.

Know your vulnerabilities

Maximising cyber security relies heavily on understanding what your weaknesses are. At DuoCall MSP, we’ll use our IT expertise to determine how data is processed within your business, giving us valuable insight into where your vulnerabilities originate. This method allows us to find flaws that may be masked by security filters, which hackers often use to compromise your systems.

Request a free IT consultation

We’ll audit your overall IT services and solutions and make informed recommendations based on our findings.

What is penetration testing?

Penetration testing is a security exercise that cyber security experts use to identify and exploit vulnerabilities within a computer system. Companies use pen testing to analyse their own security systems for flaws. Think of it like a bank hiring someone to rob them so that they can identify where their security measures fall short.

Different types of pen testing:

Also known as a ‘double-blind’ pen test, this method ensures that very few people know a pen test is taking place. Businesses use covert pen testing to monitor their internal response to inbound cyber threats. Covert tests often require a lot of preparation to prevent them from being escalated to law enforcement.

Cyber security experts use internal pen testing to prepare themselves for an internal cyber attack. They do this by running a vulnerability test from inside the company’s network. An internal penetration test highlights how a disgruntled employee could abuse their current access with malicious intent.

External pen tests aren’t usually performed on-site. Instead, they’re usually undertaken from a remote location. External penetration tests are used to identify vulnerabilities within a company’s external-facing technology, such as a server or corporate website.

In an open-box penetration test, the person running the test is provided with information regarding the company’s security solutions ahead of time. This gives companies peace of mind that all aspects of their cyber security are being tested for vulnerabilities.

Closed-box penetration testing, also known as ‘single-blind’ penetration testing, is a common form of pen test in which no security information is provided to the person running the test. Closed-box testing is great for mimicking a real-life hacker.

Web API Scanning

Cyber security is a key priority for businesses utilising web APIs. When you pen test your systems with DuoCall MSP, our experts will analyse your web APIs for vulnerabilities, ensuring that they are maintained and robust.

Individual API methods contextually probed

We use heuristic fuzzing techniques to scan your APIs and intelligently probe for vulnerabilities within parameters, headers, structures, data types, and formats.

Customisable authentication for API

By using multiple security authentication methods and definitions (including API access keys) we can authenticate against private APIs.

Simulates manual penetration testing

Instead of using legacy scanning techniques, that fail to address API security issues, we use in-house developed proprietary technology, designed by penetration testers.

REST, SOAP & GraphQL API support

This scan logic is versatile and natively understands API variants such as SOAP (XML), JSON (REST) and GraphQL based APIs.

OWASP Top10 coverage

We test for all OWASP security threats, including injection vulnerabilities, Broken Object Level Authorisation and Broken Function Level Authorisation.

Support for API Schema & Introspection

Our methods include parsing support for API specification formats and intelligent schema discovery. These formats include OpenAPI, Swagger, WSDL or GraphQL Introspection queries.

Web Application Scanning

We use software to scan for security flaws within your network, cloud infrastructure, website and applications. Identify and resolve vulnerabilities before they’re exploited by attackers with DuoCall MSP.

  • We can launch scans in seconds thanks to our versatile and intelligent technology.

  • Our practical workflow management systems maximise time efficiency.

  • We conduct web application checks, from app development to production.

  • We crawl complex applications such as single-page applications (SPAs).

  • Our pen testing tools are compatible with development tools including TeamCity and Jira.

  • We meticulously scan and test your APIs for security flaws.

Dynamic Application Security Testing (DAST)

We use Dynamic Application Security Testing (DAST) to analyse a running instance of an application. We do this by probing the application with real traffic and requests. This differs to Static Analysis Security Testing (SAST) which uses the source code to analyse the application offline. To simulate a real-world scenario, DAST tools do not have access to server-side code.

  • We track vulnerabilities, spot trends and identify which areas of your business are at risk.

  • We automate the discovery of vulnerabilities within complex applications, including SPAs.

  • We distribute and manage vulnerability discoveries through in-house ticketing systems.

  • We scan and analyse API endpoints for vulnerabilities and security risks.

  • We test for OWASP vulnerabilities as well as 100,000+ other known security flaws.

  • We use automation to enable ad-hoc, continuous and scheduled vulnerability testing.

  • We test build servers for vulnerabilities, automatically.

Request a free IT consultation

We understand that managing and maintaining your IT services can be a complex and challenging task. Request a free, non-obligation consultation with our team of specialists and we’ll audit your existing setup, offering our expert advice and making informed recommendations based on our findings.

Free IT consultation