Physical Penetration Testing: security in action

Physical Penetration Testing: security in action
Physical Penetration Testing: security in action

Last month, a client asked us to conduct physical penetration testing (PPT) at their semi-rural work site. The client had recently taken over the place, suffered from several break-ins resulting in theft, and found evidence that the site was being used for drug taking.

Physical penetration testing assesses all physical security controls, processes and protocols that a company or location has in place to identify vulnerabilities and, if identified, recommend remediation options. During a PPT, attempts are made to thwart these controls to gain physical access. Physical penetration testing is generally conducted in phases – initial reconnaissance, active reconnaissance, attack planning, targeted testing & reporting.

Once we spoke to the client and conducted an initial recce of the site, it quickly became clear that the client required not a PPT but a site security assessment. The client had been in a rush to get the site up and running and by his own admission had not considered security a priority until the incidents of theft.

During the initial meeting/recce, we found a host of security issues such as no accesses control or booking in, human-sized holes in fences, overgrown foliage covering fences and providing covered approaches, fences located too close to trees/buildings, which also aided access to the site, unattended heavy-plant which, again, assisted access to the site, dark/unlit areas where access could be gained without anyone’s knowledge; to name but a few.

So, for this case, it was ‘back to basics’ and we advised the client against physical penetration testing and conducted a site security assessment, highlighting the many security issues and allowing the client to remediate them. Ultimately, conducting an assessment over a PPT was the correct course of action and assisted the client in securing the site and saving him money; the task was also a good reminder of the importance of scoping the job thoroughly and reconfirmed that time spent on reconnaissance is never wasted.

Valkyrie Updates


Stay informed with the latest insights, expertise and innovations in the world of security with Valkyrie’s news, reports and white papers