CREST-Accredited
With new vulnerabilities emerging every day, it is essential to secure your perimeter and remediate vulnerabilities quickly. Using the same techniques and tools as real-world attackers, Arculus pen testers can replicate the actions of an attacker to identify vulnerabilities. While automated scanning provides some basic assurance, our skilled testers will identify false positives so that effort can be focused on areas of real risk.
Infrastructure Testing
Our infrastructure testing will typically cover your exposed external perimeter such as internet-facing firewalls, proxies, mail gateways, web servers, and remote access services, which must be secured as a first line of defence. We conduct vulnerability assessments as well as more in-depth internal testing, covering configuration and build reviews, against industry and vendor recommendations and good practice, and NCSC guidance. We also carry out specialist testing of mobile devices, including ‘lost/stolen device’ scenario testing.
Application Testing
Arculus carries out web application testing in line with OWASP standards, to ensure that internet-facing applications are securely coded and role-based access controls enforced.
Red Teaming
We are specialists in carrying out Red Teaming engagements, to provide an “outside-in” test. Starting with open-source intelligence, we will attempt to access your physical premises using social engineering, leading on to network penetration testing. We can also carry out a range of simulated phishing and social engineering engagements.