OT Cyber Security Assessments

Penetration Testing is a critical component of a robust cybersecurity strategy, providing insight into how adversaries could exploit vulnerabilities across an organisation’s digital footprint. Secolve’s network penetration testing services simulate real-world attacks to identify security weaknesses in networks, applications, systems, and user environments, including OT cybersecurity environments, before they can be leveraged by malicious actors.

IT to OT Penetration Testing

Comprehensive cybersecurity assessments conducted from Purdue Level 4 (corporate networks) or Level 5 (cloud environments) down to Level 3.5 and Level 3. The assessment typically starts by obtaining privileged access within the IT domain, which then facilitates deeper exploration into the OT domain. The objective is to identify potential attack vectors enabling unauthorised access from IT systems into OT networks. This assessment specifically targets jump boxes, intermediate servers, and access gateways that bridge IT and OT environments.

OT Penetration Testing

Targeted assessments specifically designed to identify vulnerabilities within OT network security environments, including OT networks, devices, and controllers. These tests are usually conducted in test or pre-production environments; if conducted in production environments, they are scheduled during maintenance downtime windows to mitigate risks to critical operations. Within the OT domain, IT components (typically Windows-based systems) are assessed following standard penetration testing methodologies. For OT-specific devices such as PLCs, HMIs, SCADA systems, Building Management Systems (BMS), and distributed control systems (DCS), the testing approach includes evaluating the various interfaces they expose, such as web, API, and other device-specific protocols.

Segmentation Testing

Segmentation Testing validates the effectiveness of logical and physical separation between different zones within an OT network architecture, particularly between IT and OT layers. The goal is to ensure that access controls, firewalls, and filtering mechanisms are properly configured to prevent lateral movement by attackers. This assessment involves mapping current segmentation policies, identifying trust boundaries, and testing potential pathways (intentional or misconfigured) that may allow unauthorised access between segments. Testing typically covers Purdue Level boundaries (e.g. between Level 3 and 3.5, or 3.5 and 2), firewall traversal attempts, ACL and rulebase bypasses, and verification of one-way communication enforcement via data diodes or proxies. Visibility testing from IT into OT may involve active scanning or firewall rule analysis. However, for Level 3.5 and below, active scanning on production systems is generally avoided due to the potential for disruption – instead, a white-box approach is used, including architecture reviews, firewall rule analysis, and documentation assessments.
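As an added illustration of the white-box rulebase review described above (example code written for this page, not Secolve's tooling), the following script checks a constructed sample firewall rulebase against an assumed Purdue zone model: every allow rule must stay between adjacent levels (so nothing bypasses the Level 3.5 DMZ), and lower-level OT zones must not initiate connections into Level 4 or above. The subnet-to-level mapping, the rule format and the policy itself are assumptions of the example.

```python
import ipaddress

# Assumed zone model for this example: which subnets sit at which Purdue level.
LEVEL_ZONES = {
    5: ["203.0.113.0/24"],   # cloud / enterprise edge
    4: ["10.40.0.0/16"],     # corporate IT
    3.5: ["10.35.0.0/24"],   # IT/OT DMZ (jump hosts, mirrored historian)
    3: ["10.30.0.0/16"],     # site operations
    2: ["10.20.0.0/16"],     # supervisory / HMI
    1: ["10.10.0.0/16"],     # controllers
}
LEVEL_ORDER = [5, 4, 3.5, 3, 2, 1]   # adjacent entries are legitimate boundaries

# Constructed sample rulebase in a simplified export format.
RULES = [
    {"id": 1, "src": "10.40.0.0/16", "dst": "10.35.0.10/32", "port": 3389, "action": "allow"},
    {"id": 2, "src": "10.40.5.0/24", "dst": "10.20.0.0/16", "port": 502, "action": "allow"},
    {"id": 3, "src": "10.10.0.0/16", "dst": "10.40.0.0/16", "port": 445, "action": "allow"},
    {"id": 4, "src": "any", "dst": "10.30.0.0/16", "port": "any", "action": "allow"},
    {"id": 5, "src": "10.35.0.0/24", "dst": "10.30.0.0/16", "port": 1433, "action": "allow"},
    {"id": 6, "src": "any", "dst": "any", "port": "any", "action": "deny"},
]

def level_of(cidr):
    """Map a CIDR to its Purdue level, or None if it is outside the zone model."""
    if cidr == "any":
        return None
    net = ipaddress.ip_network(cidr)
    for level, zones in LEVEL_ZONES.items():
        if any(net.subnet_of(ipaddress.ip_network(z)) for z in zones):
            return level
    return None

def check_rules(rules):
    """Return (rule id, finding) pairs for allow rules that break the zone policy."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue                      # only permissive rules create pathways
        if "any" in (r["src"], r["dst"], r["port"]):
            findings.append((r["id"], "broad-any"))
            continue
        s, d = level_of(r["src"]), level_of(r["dst"])
        if s is None or d is None:
            findings.append((r["id"], "unmapped"))   # address not in any known zone
            continue
        si, di = LEVEL_ORDER.index(s), LEVEL_ORDER.index(d)
        if si > di and d >= 4:
            findings.append((r["id"], "ot-initiated-into-it"))  # one-way enforcement
        elif abs(si - di) > 1:
            findings.append((r["id"], "skips-level"))           # bypasses the DMZ
    return findings
```

Rule 1 (Level 4 to DMZ jump host) and rule 5 (DMZ to Level 3) pass; rule 2 reaches Level 2 directly from corporate IT, rule 3 lets controllers initiate SMB into IT, and rule 4 is an any/any allow.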

Perimeter & External Penetration Testing

This assessment simulates attacker scenarios from multiple vantage points to identify and exploit potential weaknesses at the network edge, within internal segments, and from public-facing interfaces. External testing targets internet-exposed assets such as remote access gateways, VPN concentrators, public web portals, or cloud interfaces that may provide entry paths into the OT environment. Internal testing simulates insider threats or a compromised user/device scenario, assessing lateral movement, access control, and privilege escalation opportunities. Perimeter testing reviews boundary protections such as firewalls, intrusion prevention systems, NAT configurations, and remote access policies to identify gaps that could allow threat actors to pivot into sensitive OT assets from adjacent networks or third-party connections.

Web Application & API Penetration Testing

Comprehensive assessments designed to identify vulnerabilities within web applications and APIs through simulated real-world attacks. These assessments uncover weaknesses such as injection vulnerabilities, authentication bypasses, insecure session management, access control misconfigurations, and business logic flaws. Testing methodologies align with industry frameworks, including OWASP Top 10 and ASVS, targeting both front-end interfaces and back-end components, such as REST and GraphQL APIs. Typically conducted in dedicated or isolated environments, testing includes both automated scans and thorough manual validation to ensure accurate and actionable results.

Hardware & Front-End Penetration Testing

This assessment focuses on evaluating the security of physical OT devices and their associated user interfaces. It includes testing for local access vulnerabilities in hardware such as HMIs, engineering workstations, data loggers, or IEDs (Intelligent Electronic Devices). Analysts examine device ports (e.g. USB, serial, Ethernet), exposed services, debugging interfaces, and hardware management consoles. Front-end assessments also target graphical interfaces, web-based dashboards, or thick-client applications to identify input validation flaws, authentication bypasses, or insecure data storage. Testing may include reverse engineering of firmware, exploitation of physical interfaces, or emulation of front-end applications in a controlled test environment.
