Client-side Security Testing

Typically, penetration testing activities focus upon familiar assets (e.g. the external-facing IP addresses associated with a client organisation, the DMZ, the firewall instances, etc.). However, XRL strongly believes that this approach fails to provide risk assurance and may allow organisations to falsely believe their security posture is stronger than it actually is. Perimeter protections have become increasingly resilient, but internal defences are often still a pronounced security risk.

A number of our competitors offer some client-side penetration services; typically, however, such actions are limited in scope to spear-phishing activities, whereby they seek to manipulate legitimate users via email. Xiphos Research believes that the range of 'testing' should extend beyond sending a few emails.

The client-side security assessment activities offered by XRL include a range of test vectors. In addition to the manipulation of client personnel via malicious emails / distribution of links, Xiphos Research is adept at the creation of targeted malware, and at social engineering and data collection activities. In addition to testing the endpoint security of client systems and the identification of linked sensitive systems, we can also test the efficacy of protection mechanisms (such as AV and mail gateways) that may be in place. The client-side security assessment services that we offer identify vulnerabilities not only within endpoint client security and processes, but also within protection mechanisms and linked sensitive systems. In addition to purely technical attacks, we can, at client request, engage in focused social engineering attacks encompassing physical intrusion and telecommunications manipulation / interception.

For additional information regarding the range of client-side security testing services we offer and how they can be tuned to suit your needs, contact us.