Penetration Testing
From one of the first organisations in Australia to achieve ISO 27001:2022
Our cyber security specialists provide penetration testing to locate vulnerabilities in your business’ cyber defence and to test the robustness of security controls already in place.
The MyEmpire Group difference
"We’re big enough to support all manner of businesses, from ma and pa’s to enterprise, but small enough to still obsess over detail."
We don’t obsess over detail to the point of paralysis, but we do take great pride in delivering exceptional work. And it’s not just because we get a thrill receiving elated client feedback, although that’s something we all share in common. Primarily it’s because we genuinely care about building cyber security systems that protect businesses. That means really learning your business and your people so we can develop a cyber security strategy suited to you, not a close-enough template pulled from a file. That’s what makes us different; we only feel satisfied when we know a job’s been done right.
Our People
Our cyber security specialists are a mixture of seasoned veterans, many with 30+ years’ experience in IT, management and security. We also have young faces on the team, our rising stars–those whose talents we recognised early and chose to invest in.
Beyond being experts in their fields, our people share a few things in common, a result of how we hire. Prior to any skills being tested in an interview, we look for personable people. Authentic, honest people who are passionate about their field and good communicators. In other words, we look for people who light up when they talk about their line of work. People whose passion is contagious. Only candidates who meet this criteria are taken through the typical interview steps where we probe skills and work history.
Leadership Team
Alex Woerndle
HEAD OF OPERATIONS
(CO-FOUNDER & DIRECTOR)
Alex is an experienced director, IT consultant and infosec professional. He provides security management and leadership to a range of organisations from start-ups through to governments and ASX50 listed enterprises. He has also served over 10 years in voluntary roles as a Non-Executive Director of the Australian Information Security Association,.au Domain Administration Ltd and the Australian Conservation Foundation’s Finance, Audit and Risk Committee.
Carl Woerndle
HEAD OF SALES AND MARKETING
(CO-FOUNDER & DIRECTOR)
Carl has more than three decades’ experience in IT, security and business leadership. Prior to MyEmpire Group, he and Alex built DistributeIT which held approx. 10% market share of .com.au domains. As well as a business owner and manager, Carl has worked as a Cyber Security Advisor consultant for Deloitte. He is a regular keynote speaker on cyber security.
Chris Self
HEAD OF SERVICE DELIVERY
Chris is a highly experienced information security principal. He has worked as a senior cyber security consultant for KPMG, CQR Consulting (now part of CyberCX) and Deloitte. Prior to starting with MyEmpire Group, he was the Information Security Manager at Adelaide Airport where he led a full rebuild of the airport’s cyber security processes and infrastructure. Chris holds a master’s in information systems security and a number of information security certifications, including CISSP and CRISC.
Talk to a Cyber Security Specialist
What is penetration testing?
Penetration testing or a “pen test” involves using ethical hackers to run a mock cyber attack against your organisation’s security infrastructure. The aim of penetration testing is to unearth vulnerabilities and gaps in your security defence.
Our pen testers use the same techniques and tools used by hackers in order to simulate a real life cyber attack. The pen test can be targeted at many different technologies, such as laptops, mobile phones, web apps, networks, hardware, virtual hardware etc.
We offer penetration testing in the following areas...
Mobile applications
Mobile applications are tested for vulnerabilities specific to the mobile environment, such as insecure communication protocols, insecure data storage or inadequate encryption.
Network and wireless networks
Networks are tested to find weaknesses like open/rogue access ports, inadequate authentication mechanisms, weak encryption and other misconfigurations that pose unauthorised access risks.
Web applications
Web applications such as websites, web portals and web services are tested for potential vulnerabilities such as SQL injection, cross site scripting and insecure authentication that could be exploited by attackers.
APIs
The testing of application programming interfaces (APIs) evaluates the security of the communicating interfaces by testing API endpoints, improper input validation and lack of authentication or authorisation controls.
ICS
ICS (Industrial Control Systems) are tested to reveal exploitable weaknesses associated with the control of infrastructure components typically used in sectors like manufacturing, energy, transportation, and utilities.
Cloud infrastructure
Cloud-based infrastructure, platforms and services are evaluated and tested for appropriate access controls, correct configurations and shared responsibility model to identify potential weaknesses.
Social engineering
To gauge security awareness, pen testers use phishing and other methods to attempt to manipulate individuals into divulging confidential information or perform actions that compromise security.
Red / Purple Team
Red teaming is the conduct of simulated attacks to identify vulnerabilities independently. Purple teaming is a collaborative testing effort using both red (attacking testers) and blue (defenders) in joint exercises to improve response capabilities.
How we do our penetration testing...
Stay legal
Approvals are obtained before performing any testing activities.
Defined and tailored scope
The boundaries of the testing are tailored to your needs and clearly defined before any activity is commenced.
Respect of data
Any data handled during the activity will not be used for any other purpose.
Ready to mature your cyber security?
What is the difference between a ‘penetration test’ and a ‘vulnerability assessment’?
Penetration testing uses ethical hackers to simulate a cyber attack to identify vulnerabilities and assess the effectiveness of security defence.
Vulnerability scanning involves using a tool to identify and document potential vulnerabilities within a system, network or application.
Penetration tests and vulnerability assessments both aim to identify weaknesses in cyber security, however, pen tests are a lot more comprehensive than vulnerability assessments. For instance, a vulnerability assessment is often a step within a penetration test. During a penetration test, a pen tester may perform a vulnerability scan/assessment as a way of finding vulnerabilities which they then try to further exploit as part of the pen test.