
Penetration Testing

4 November 2016 by Marius Cociorba

Part 4:5 Storing Data as Clear Text Storing data in the clear During a pen test, our InfoSec experts usually report the same security dangers, whatever the client size or type. In this weekly series, we explore five common vulnerabilities and share practical advice you can follow today. In this 4th part, we address the risks of storing passwords and other sensitive data as clear text. … Read More »

27 October 2016 by Marius Cociorba

Part 3:5 Lack of Network Segregation Among the range of services we provide at Perspective Risk, penetration testing is a popular choice with our clients, from blue chips to SMEs. Regardless of their security posture, our testers regularly record the same issues. In this 5 part blog series, we share what those issues are alongside straightforward guidance to avoid them. In this 3rd part we highlight the importance of network segregation on the internal domain. Suggestions for … Read More »

20 October 2016 by Marius Cociorba

Part 2:5 Dangerous Default Credentials – secure your network We regularly conduct network penetration tests for clients large and small, and whose security capabilities cross the spectrum. Despite the diversity of our customer base, we frequently encounter the same vulnerabilities, the consequences of which can be bad news for an organisation’s security posture. In this series we address the 5 commonest network security issues … Read More »

14 October 2016 by Marius Cociorba

Part 1:5 Weak password policies – improve your network’s security Here at Perspective Risk, we run frequent network penetration tests for clients of all sizes and security capabilities. We observe certain issues cropping up time and time again, which can significantly affect a business’ security posture. During this series we will cover the top 5 issues we most commonly find, together with some simple remediation advice you can follow that should make a difference. This 1st … Read More »

23 January 2016 by Matthew Byrne

The Cloud – advantages and pitfalls ‘The cloud’ is the term given to the provision of services and applications hosted on the Internet, instead of traditionally on business premises. Cloud computing gives individuals and businesses the ability to store and process their information in third-party data centres with the much advertised benefits of getting their applications up and running quickly, as well as improved manageability and reduced downtime. This enables businesses to rapidly fine-tune resources in response … Read More »

20 April 2015 by Pravesh Kara

Perspective Risk are a highly professional organisation. The assessment conducted went without incident. A pleasure to work with. Project: Penetration Testing

4 April 2015 by Matthew Byrne

Title: Thinfinity Remote Desktop Workstation Directory Traversal Flaw Version: Thinfinity Remote Desktop Workstation v. Vendor: Cybele Software, Inc Release Date: 01/04/2015 Thinfinity vulnerability summary Thinfinity Remote Desktop Workstation was found to be vulnerable to an unauthenticated directory traversal flaw. Impact of the Thinfinity vulnerability Exploiting this flaw allows an adversary to gain unrestricted access to system resources on the affected host as the service runs in … Read More »

26 March 2015 by Pravesh Kara

Perspective Risk stand out in the field of penetration testing because they understand the importance of security risks and are able to map it to the domain in which their client is operating. Perspective Risk take penetration testing to the next level, using real people to test systems and interpret the results. Project: Mobile and Application Penetration Testing

26 March 2015 by Pravesh Kara

Matthew Byrne provided some great advice and showed great insight and knowledge about security aspects and vulnerabilities across our environment. Very pleased with his efforts and advice given throughout the engagement. Project: Pan Government Accreditation IT Health Check and Penetration Test

26 March 2015 by Pravesh Kara

Zia was our main contact and was invaluable to helping us resolve potentially show stopper issues. Project: Annual PSN IT Health Check and Penetration Test

26 March 2015 by Thomas Yarwood

Great communication with the team during testing – highly collaborative while maintaining rigorous testing criteria. The fast turnaround of the report was greatly appreciated given the tight timescales for the project.   Project: IT Health Check and Penetration Test

13 March 2015 by Pravesh Kara

With a growing web development team coding in a fast paced environment, it was important for us to get an expert third party security firm in to carry out a web security review. Perspective Risk provided the independent review we needed. Project: Application Penetration Test

13 March 2015 by Pravesh Kara

Zia Rehman came to TNA to carry out an ITHC in September and all of the staff he worked with, including myself, were really impressed with his skill and knowledge and how well he got on with everyone and how he made the whole process very straightforward whilst achieving a great deal of work. Project: IT Health Check and Penetration Test

25 September 2014 by Matthew Byrne

Overview The information security field has been lit up over the last few hours discussing “Shellshock”, the next Heartbleed-type vulnerability (in terms of severity). The jury is still out as to whether this is worse, but it’s certainly looking to be at least as bad as Heartbleed at this stage in proceedings. In the Wild Perspective Risk has already identified scan attempts looking for the vulnerability, albeit from a security researcher conducting an assessment of the … Read More »

18 September 2013 by Dave Stroud

This is a quick script I wrote for converting to Unicode and back when using string.fromCharCode() to circumvent filters in Cross Site Scripting attacks.

    #!/usr/bin/python2.7

    import argparse
    import sys
    import re

    def CharCode(text):
        print "<script>eval(String.fromCharCode(",
        for count, …

Read More »

17 September 2013 by Dave Stroud

Following on from my MySQL Injection Practical Cheat Sheet here is the MSSQL version. As before, I will list the injections by their categories: union based, error based and inferential (time and boolean). Wherever you see @@version below (used to find the database version), you can replace it with:

  • db_name() – to extract database name
  • user_name() or user() – to extract the username the database runs under
  • @@servername – to extract the server name
  • host_name() – to extract the host name

Note that, in the … Read More »

21 May 2013 by Finian Mackin

Kali Linux – Pentesting for the masses? My previous blog post looked at the changing face of the Backtrack / Kali rebirth and how the Offensive Security team, along with Rapid7, are looking at progressing into the Enterprise space. In this post I will be looking a bit closer at the Kali distribution itself and getting to the bottom of some of the changes and reasoning behind the move.   Progression to a more standardised approach At its core, it’s a move … Read More »

15 May 2013 by Finian Mackin

Penetration testing for the masses with Kali Kālī (Sanskrit: काली, IPA: [kɑːliː]), also known as Kālikā (Sanskrit: कालिका), is the Hindu goddess associated with empowerment, shakti. The name Kali comes from kala, which means black, time, death, lord of death, Shiva.   Interesting and a little scary on first glance, but perhaps more relevant to us, Kali Linux is the new generation of the industry-leading Backtrack Linux penetration testing and security auditing distribution. Kali Linux is a complete re-build … Read More »

23 April 2013 by Finian Mackin

Instant Penetration Testing: Setting Up a Test Lab How-to [Instant] by Vyacheslav Fadyushin, is available now from Packt Publishing at a price of £6.99 £5.94. It is aimed at the prospective or novice security consultant and will give a high level look at the penetration test process, methods and training requirements for someone to get their teeth into.   The Beginning The text starts by conveying the ethos and components of a penetration test in a logical and easy to understand fashion, … Read More »

28 February 2012 by Pravesh Kara

Simple question, hopefully a simple answer: it is an Information Security discipline where the aim is to identify ways to compromise you and/or your organisation.  There is more to it than that, obviously, but that should provide a good starting point!  Many people involved in the industry, such as penetration testers, sales people, information security consultants, etc. all have their own interpretation of penetration testing, and there is a wide ranging view of what it is and … Read More »

We are Perspective Risk

  • Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.

    Our penetration testing, pen testing, pen tests and cyber security testing has proven time and time again to be an effective security assessment of business IT infrastructure.

    Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.
