Penetration Testing

Accurately simulate attacks against your systems and applications to identify then help you close any security gaps

Test, detect, refine, improve and protect your infrastructure

The Missing Link’s expert penetration testing team can improve and harden your security posture, and prepare your organisation against attacks

The risks of cyber-attack have risen exponentially thanks to an increasingly mobile workforce, cloud computing, big data, and changes to the concept of identity. This makes penetration testing critical to protecting your infrastructure from attacks and preparing your team to manage any unauthorised access attempts.

When you engage The Missing Link, our highly certified pen testers will undertake a thorough vulnerability assessment of your security controls. We specifically focus on one area, component, or system within the business and identify any potential vulnerabilities within its infrastructure or processes, adding context to how it fits and aligns with the business's overall desired security posture.

Depending on your organisation's security testing requirements, we will tailor-make a testing approach that fits your needs, which can range from web application penetration testing to external and internal network and infrastructure, all the way to social engineering and mobile applications.

Although testing usually starts with a vulnerability scan, our team will spend the majority of the engagement using their skills and years of experience to manually identify and contextualise security vulnerabilities, ensuring issues such as business logic security vulnerabilities are identified where automated testing would fail.

We'll also deliver a roadmap to ensure your organisation meets industry best practice standards and its security goal for the future.

The Missing Link is a CREST-approved organisation, so you can be assured that we take a professional and ethical approach to security testing, enabling us to work with any customer, from small businesses to the largest government/defence global organisations. Our penetration testing team form one of the strongest offensive security teams globally. Among them are Offensive Security Certified Professionals, Offensive Security Certified Experts, and an Offensive Security Exploitation Expert - the highest level of Offensive Security certification.

Impressively, The Missing Link's team of security experts has discovered CVEs (zero days) in multiple commonly used products, and we regularly compete in and win "Capture the Flag" events, including Canberra's BSides'18, BSides'19 and events such as SpectreOps Red Team Operations Training.

Minimise risks, maximise protection against unauthorised attackers

The Missing Link's award-winning security testing experts use targeted penetration testing tools to conduct ethical hacking exercises that help identify vulnerabilities so you can strengthen your security posture.

Awarded penetration test services for information security

Minimise risks, maximise protection against unauthorised attackers

The Missing Link’s ethical hackers will identify vulnerabilities in your network, applications and devices so that you can strengthen your security posture.

A ethical hacker you know you can trust

One of few Australian and UK IT businesses to have ISO27001:2013 certification, The Missing Link follows global best practices to manage all information security risks effectively.

World recognised penetration testers

We pride ourselves on being a company other can learn from with our security team regularly talk at specialist training courses, including BlackHat and Auscert.

Security intelligence to take your business forward

Certified in industry-leading practices and methodologies, your security assessment will be successfully delivered with expert guidance to reduce your attack surface and improve your security posture.

A customised security assessment

Our pen test team will work with you to define your security goals and prepare a penetration testing service to meet your needs, timeline and budget.

FAQs

  • What is a penetration test?

    Penetration testing puts your people, processes and infrastructure to the test to identify any vulnerabilities in your security that could leave you exposed to a threat. Our highly awarded, certified security consultants will undertake technical security testing of your organisation's current systems, policies, procedures and infrastructure to assess whether they meet security best practices. Our security vulnerability scanning will identify weaknesses and provide guidance to remediate them, deliver an in-depth understanding of how your company compares to industry competitors, and provide a roadmap to achieve best practice standards.

  • What tools are used for penetration testing?

    Recognising that every organisation's infrastructure and security needs are different, The Missing Link takes an agnostic approach to penetration testing tools. Our team of experts have multiple industry-recognised and vendor-specific certifications and experience. To provide first-class security services, we partner with some of the most respected security vendors in the world. These include CyberArk, Carbon Black, Fortinet, FireEye, Netskope, Okta, Proofpoint, Tenable, Zscaler and many more. When you partner with the Missing Link, we'll take time to understand your business and risk before recommending a tailored penetration testing solution with hand-picked tools to best achieve your goals.

  • What qualifications do you need to be a penetration tester?

    The Missing Link is a CREST approved organisation, and as such, we only engage a pen tester with the highest qualifications and experience. Among our internationally awarded security consultants and Architects are Offensive Security Certified Professionals, Offensive Security Certified Expert, CREST certified security professionals and Offensive Security Exploitation Expert, making us one of the strongest security teams in Australia. Our security experts attend specialist training courses regularly, enhancing their skills across the latest methodologies and attack vectors. They are community contributors to industry projects such as Rubeus, Impacket and Exploit DB. To keep abreast of the latest happenings in the Information Security landscape, they also regularly attend industry conferences such as Ruxcon, Kiwicon, Crikeycon, Defcon, and Blackhat.

  • What types of penetration tests can be done?

    Penetrating testing involves short engagements focused on identifying misconfigurations and vulnerabilities within an organisation's security infrastructure. Although penetration testing does not emulate a real-world attack, The Missing Link's thorough security testing will identify weaknesses that would allow an attacker to gain control of your systems or data. Our penetration testing solution will also include reports for your executive and technical team that offer guidance to remediate vulnerabilities and bolster your organisation's security. Depending on your goals, budget, and timing, your penetration testing solution can include: analysis of vulnerabilities in your web applications, external and internal networks, cloud services, web services and application Programming Interface, mobile applications, wireless security, within your people, who can often be the weakest link of an organisation's security, and custom or ad-hoc engagements, depending on the requirements.

  • Why is penetration testing important?

    Increasing risks of cyber-attack, both from within Australia and worldwide, are a reality and can be devastating for a business's reputation and sustainability. Therefore, penetration testing exercises are critical to providing key insights into your organisation's security controls. They help you see where your business sits within the industry, understand what needs to be done to meet industry best practice standards, and how to take action to minimise your attack surface. The Missing Link's penetration testing solution will help identify any weaknesses in your organisation's security posture and provide practical guidance on remediating issues raised. The penetration testing services will also help prepare your team to manage any attempts at unauthorised access by a malicious attacker.

Perfect Partner Experience

We recently engaged The Missing Link to conduct a penetration test for our web application and I must say we’ve been highly impressedFrom start to finish, The Missing Link have been consistent, professional and very timely. The level of detail provided has given me full confidence in their capability, and they have met every milestone, from providing a quote to completing penetration testing, and delivering the final report. With clear recommendations for next steps, the report was easily understandable. honestly feel confident that this is just the start for a long-term relationship, just as we had wished for.

Michael Doherty | Product Manager, Everperform

A Red Team engagement consists of many little battles, some won, some lost, and that’s when you start to appreciate what you do well, and what needs improvement. Importantly, the team at The Missing Link are incredibly skilled and 100% emotionally invested in the challenge. We know we will be tested, and we know that The Missing Link team will beat us several times along the way, and that’s great – we learn, and we don’t make the same mistake twice. The whole exercise is really a lot of fun. A key benefit for us is it allows us to test the response of our other digital security vendors. It’s almost impossible to validate the ROI for most of these products without subjecting them to very thorough testing. The Red team exercises are brilliant, the IT team love the experience, and it raises their level of engagement. We’re really looking forward to the next exercise.

Hugo Evans | IT Security and Platforms Manager, Sparke Helmore Lawyers

Since engaging The Missing Link, we’ve worked on some significant projects, including security audits, maturity assessments and penetration testing exercises. The Missing Link is very proactive when it comes to identifying, analysing and alerting us to any threats. Importantly, I get to benefit from the most current advice on best practice across a number of industries. To help us in our security journey, we needed flexibility, attention to detail and a willingness to provide a bespoke solution to meet our needs and they’ve delivered every time on these fronts. Even with quick turnarounds they are always accommodating our needs, and helping us achieve our desired results. By leveraging their expertise, it helps us in our decision-making and I truly see them as an extension of our team. 

Carl Rowley | Cyber Security Manager, ENGIE

From the very beginning, I found The Missing Link very responsive to our needs. They were highly organised when it came to proposing, planning and implementing the web application pen testing project. Their professionalism and ability to communicate complex, technical information is brilliant, and they provided us with the perfect balance of impactful findings in a simple yet detailed report. Everyone I’ve dealt with were highly knowledgeable, and they love their job, which was very refreshing to see. I’d highly recommend The Missing Link to anyone looking for bespoke cyber security solutions and services.

Annabel O’Neill | General Manager, Marketing & Engagement, Greenfleet

We engaged The Missing Link to do penetration testing for our front-page portal. As a school, we always joke that we have more uptime than a bank - our staff, students, and parents demand access to our apps 24/7 - so minimising disruption during this process was imperative. The Missing Link was highly professional and systematic in its approach. The preparation and testing went smoothly, and indeed, they identified a critical issue with the app that the vendor had been unaware of. The Missing Link immediately notified us of the issue in an interim report, then liaised directly with the vendor to have it resolved.  I have only worked with The Missing Link for a short engagement, however, I have already put them in the category of a trusted consulting service. I would have no hesitation in engaging them for further IT infrastructure and security projects.

Peter Yeates | Information Communication Technology Services Manager, Padua College.

We selected The Missing Link to do penetration testing of our web apps based on their skills and experience, and most importantly, their CREST accreditation. They didn’t let us down – they provided absolute value for money.  Perhaps what impressed me most was their flexibility. Our requirements changed after the scope of work was defined and signed off, which added to The Missing Link’s workload. Mitch and the team went above and beyond to provide answers to the additional question we asked. To me, that was a differentiator – in the current market, many providers will stick to the scope of work or provide a revised contract. Instead, The Missing Link went ahead and provided the answers. There was no drama at all.

Sam Mannix | Digital Strategy & Innovation Manager, RSM Australia