Penetration Testing


Measure the effectiveness of your security controls

• Red teaming, blue teaming & purple teaming
• Internal & external penetration testing
• Web application testing
• Wireless penetration testing
• Generate focused and specific reports


Penetration tests measure the effectiveness of information security controls implemented in the real world, but tested within a controlled environment. Foregenix offers an experienced penetration testing service carried out by our security testing team.

Our Penetration Testing Services are conducted by Foregenix' highly skilled and experienced security consultants. The team simulate attacks and direct compromise attempts at a network or application level, with the aim of locating potential weaknesses.


Penetration tests, in the majority of cases, are bound to a specific target and are used to determine the security and the susceptibility to attacks. A penetration testing engagement is split into two parts:

1. Pre-compromise assessment: The team simulates attacks and direct compromise attempts at a network or application level, with the aim of locating and exploiting potential weaknesses. The assessment consists mainly of open source intelligence gathering, vulnerability scanning and manual probing of services with the ultimate goal of identifying initial entry points.

2. Post-compromise assessment: The exploited initial entry point is used for conducting subsequent attacks on the target environment while still being bound to the target of the assessment. In some cases, Foregenix is asked to move away from the initial scope. This helps an organisation measure the true risk that is exposed by the existence of one or more vulnerabilities and allows remediation actions based on actual risk versus an arbitrary rating.  


Penetration Tests generate a far more focused and specific report than those produced by automated vulnerability scans. A Penetration Test is designed to fully exploit weaknesses in a system's architecture and not simply alert clients to possible vulnerabilities. The deliverable from this type of engagement is a report detailing all identified information and vulnerabilities, as well as the attack path in the event of a successful intrusion.


The security testing services carried out by Foregenix include:



Foregenix assumes the role of an outside attacker trying to gain access to the client’s internal infrastructure. A variety of techniques can be used towards fulfilling this goal including:

  • Open Source Intelligence - email and infrastructure harvesting from information existing in the public domain
  • Port scanning - probing systems to enumerate open ports and services
  • Vulnerability assessment - automated vulnerability scanning and manual probing of identified services
  • Exploitation of any identified vulnerabilities
  • Providing a detailed report that highlights the areas vulnerable to attack, enabling you to enact the needed corrective measures to maintain a secure environment



Security threats do not always come from an outside source. This type of test is mostly used to identify the true exposure of the targets when attacked from an internal perspective. It can also be used to identify the exposure of the targets against specific resources inside the client’s greater network, e.g. attackers on a VPN connection, customer care users, bank branch users, etc. The appropriate vantage point at which to place Foregenix is very specific to the needs of the client sourcing an internal engagement, and it is of the utmost importance to define it accurately before testing begins.

In an Internal Penetration Test, the Foregenix team is placed at an internal vantage point, as defined at the beginning of the engagement, and uses that as a source to execute further attacks.



Wireless testing attempts to use wireless methods to circumvent network, system or application controls and access networks or data that an unauthorized user should not be able to obtain. This testing simulates how an attacker would attempt to penetrate the infrastructure using wireless techniques.

During the test, Foregenix consultants work to ascertain weaknesses in the customer's wireless network infrastructure. After performing a reconnaissance of the wireless infrastructure, an analysis of the results will assist in determining which attacks are best suited to attempt to achieve the stated goal within the time constraints of the engagement.

The types of attack vectors used are highly dependent on the infrastructure and information obtained and may include any of the following:

  • MAC Filtering Bypass
  • Attacking WEP Networks
  • Attacking WPA/WPA2 Networks
  • Creating Controlled Rogue/Fake Access Points
  • Client Attacks
  • Man-in-the-Middle Attacks
  • Wireless Eavesdropping
  • Attacking Enterprise/RADIUS authentication
  • Port Scanning and Application Service identification/exploitation
  • Administrative Login Bypass



The last decade has seen a boom in mobile technologies and platforms. “There is an app for that” has become a de facto term in the English language and the apps themselves have become more and more integrated in our everyday life. Those apps are trusted with access to confidential (personal, financial, medical, etc.) data and offer the ability to perform operations on that data. 

Foregenix offers a mobile application penetration testing service where the application is analysed both from a static and a dynamic perspective. This allows the team to uncover issues with the handling of data at rest and/or in transit as well as reviewing application interaction with other apps and subsystems on the mobile platform.



Our extensive experience conducting forensic investigations and penetration tests shows that a large majority of compromises occur through unsecured web applications. Based on these findings, Foregenix delivers comprehensive services surrounding testing and securing these web applications that can take one of two forms:

1. Uncredentialled penetration testing: The application is tested without the use of credentials. This type of test is useful in order to get a level of assurance regarding the exposure of the application to external attackers. These are attackers that do not have any form of access to the application itself. As such, this type of test only targets a small subset of the application, that being functionality that is available before a user authenticates to the application itself.

2. Credentialled penetration testing: The application is tested with valid credentials. This type of test provides an overall view of the security of the application as the full breadth of the application is covered in testing. Following a tried and tested methodology, Foregenix uses multiple credentials when conducting this type of test in order to test all exposed functionality, perform horizontal and vertical privilege escalation attacks and test any business rules imposed by the application itself.


Source Code Reviews

Build resilient applications

• Identify potential vulnerabilities
• Achieve a deep insight into application security
• Receive reports detailing issues with remediation guidance




Attack Simulation

Gain a deeper insight

• Tactics, techniques and procedures used in the wild
• Identify gaps in your defensive infrastructure
• Receive the executed Playbook




Bespoke Security Testing Services

There is a common saying in penetration testing, “No two tests are the same”.


This is more and more true with the boom in technologies and platforms in recent years and has become increasingly evident with the advent of Internet of Things devices. Some are more benign in nature (e.g. smart lightbulbs), whilst other devices, such as payment terminals, are entrusted with critical data and operations.

Foregenix uses a tried and trusted methodology in approaching those cases, where the target is thoroughly analysed at the beginning of the engagement and a feasibility study on the penetration testing approach is produced. Foregenix has extensively applied this approach in our testing of various platforms, applications and protocols, such as in testing that was performed as part of the Point-to-Point Encryption (P2PE) regulatory requirements. Targets successfully analysed and attacked during this service offering include but are not limited to:

  • PIN Entry Devices (PED)
  • Kiosk card payment machines e.g. car parking kiosks
  • Point-of-Sale (POS) Terminals

The deliverable of the Bespoke Security Testing engagement is a report detailing all identified vulnerabilities as well as their exploitation path.


