Penetration Testing

Home Penetration Testing

Penetration Testing

mission & values, cyber security

PURE Penetration Testing

PURE

adjective

  • Not mixed or blended with any other substance or material.
  • Clear, perfectly in tuned

definition by Oxford Dictionary

LGMS is a pure Penetration Testing (Pen test) service firm. Many of our clients do not see us as just ‘Penetration Testing’, but instead, as their Trusted Security Advisory. As a cyber security service consulting firm, we do not sell any hardware and software products.

 

Objective, unbiased testing is a critical differentiation between LGMS and the rest.

 

Since we do not sell any security products, the LGMS penetration testing approach is always highly regarded as objective and neutral. The same approach is also the main reason why our clients trust us when it comes to penetration testing and security advisory.

penetration testing malaysia

Objectivity Counts

 

Why is it essential to engage a penetration testing firm that does not sell security products?

 

It’s simple. We don’t find problems on your network so that we can sell you any security solutions. We identify vulnerabilities to help you stay ahead of malicious hackers.

 

Our penetration testing services reveal real vulnerabilities that matter to your environment. Ultimately LGMS will provide advisory and guidance to help your business to become more secure.

What is Penetration Testing? And How Does It Work?

Penetration testing is a risk assessment to protect digital assets of business operations against cyber-attacks. The activity helps to identify security loopholes and vulnerabilities in the business operation as well as ensuring the solutions and protective mechanism were implemented as intended. An organization’s IT environment should be evaluated from the 3P (Process, Product, and People), in order to sufficiently maintain an excellent cyber security posture.

  1. Process: define as policy, procedure, and internal control implementation (How an organization process their workflow)

  2. Product: define as the solution, precaution (anti-virus, firewall, etc)

  3. People: define it as employee awareness

Types of Pen Test - Black Box Vs White Box Penetration Testing

Black-Box Penetration Testing

LGMS Black-Box Penetration Testing is an unauthenticated approach, without any credentials or access provided. LGMS will imitate a hacker without any knowledge of the structure to perform penetration testing.

Black Box

White-Box Penetration Testing

LGMS White-Box Penetration Testing is an authenticated approach. As opposed to Black-Box, credentials of user privileged roles (administrator, basic user, etc) are required to perform testing. LGMS consultants will be covering more in-depth testing on the targets when credentials are provided.

White Box

Vulnerability Assessment vs Penetration Testing: What's the Difference?

Vulnerability Assessment (VA) and Penetration Testing (PT) are two different aspects of cyber security. It is essential to know their difference before engaging a consultant for services.

Vulnerability Assessment

The use of automated scanning tools to perform Vulnerability Assessment; identifying and evaluating vulnerabilities of an organization’s system, computer network, and other parts of the IT ecosystem. The main objective of Vulnerability Assessment is to determine security loopholes that exist in the system from the lack of technical configuration or process controls.

Penetration Testing

Penetration Testing is usually performed after Vulnerability Assessment to find any extensive possibility for hacking methods to exploit the vulnerability/target’s system. As a professional penetration testing service provider with more than a decade of experience, LGMS is capable of performing penetration testing using both automated or manual methods. The result presentation is then generated as a detailed report.

CREST Certified Pen Testing Company

First Malaysian company to be certified by CREST UK in performing Specialized Penetration Testing

Our professional service team has carried out hundreds of security tests for clients. On the whole, our clients, including international banks, on-line retailers, government agencies, and critical public bodies using the methods and tools of a potential hacker.

Penetration Testing LOGO
Penetration Testing by specialists to gain insight over what vulnerabilities exist on your systems

Real Penetration Test (Pen Test) Service Provider

LGMS penetration testing services focus on real cyber security and compliance problems. If our penetration testing service uncovers a vulnerability, then we drill down for more information. Consequently, we make sure we understand your business and your operational environment. So that when we find irregularities, we know whether or not they matter to you.

 

While it may be vaguely interesting to report that “Port 139 on James’s Laptop is open” after running automated penetration testing tools on the internal network, how does that help anyone?

 

Penetration testing effort should not entirely be based on automated tools. LGMS methodologies will apply hybrid business plus technical modeling approach.  Vulnerabilities that matter to you will get prioritized and reported.

Our Penetration Testing Methodologies

Unlike the typical penetration testing approach, we do not constrain ourselves with only standard methodologies like Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), NIST. 

 

LGMS approach will cover business-related criticality, the risk tolerance of the organization, and overall industry practices.

 

With more than a decade of real-life experience in incident response and computer crime investigation, you can be confident that LGMS penetration testing methodologies always exceed real-life business challenges and getting you every bit of information that matters.

Cost-Effective Pentest Strategy

We understand that some people just want penetration testing because a regulator is making them do it. There is nothing wrong with that. In our niche, we’ll tell you right now that the price for our penetration testing services is comfortably smack dab in the middle. But our objectivity, our analysis, our qualities are Incomparable.

 

All penetration testing reports are 100% meeting the compliance requirements of PCI DSS and Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines, Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide.

Backed by Solid Cyber Security Track Records

Over the years, LGMS specialized penetration testing has become an integral part of the change management process for many financial institutions in the region. Our penetration testing engineers regularly work together with significant financial and government institutions to ensure that their servers and network devices are secured to minimize potential risks exposure and identify vulnerabilities in a proactive manner. Our penetration test methodology has become a guiding principle for our clients in building a more secure and robust infrastructure.