We performed an authorised Penetration test against a client application server which included high traffic websites.
We duplicated the server precisely so that we could perform a series of invasive attacks against the server and CMS in a safe and controlled environment. This also ensured any critical breaches that may have occurred did not affect the production server.
Our testing also included various manual checks of the OS, Web Server, Database, Scripting Engine and CMS.
We were pleased to report that our clients server had only minor and low risk security vulnerabilities, which we promptly fixed on their production system at the clients request.
Regular server and website maintenance is critical to staying protected against emerging security threats. A regular and comprehensive penetration test adds an additional level of protection by assessing a system from a threat actors perspective. This results in picking up security vulnerabilities that regular maintenance may miss.