Testing & Assurance / Wireless Security
The attack surface
your perimeter doesn't cover.
Wireless networks are frequently the most under-tested part of an organisation's attack surface. Poor segmentation, weak authentication, and rogue access points create exposure that traditional perimeter controls miss entirely. Our OSWP-certified testers assess what's actually reachable through your wireless environment.
What we assess
Every wireless attack surface.
A Cliffside wireless security assessment goes beyond checking whether WPA2 is enabled. We test the full wireless environment — including the attack paths that exist even in well-configured networks.
Authentication strength, encryption configuration, SSID isolation, VLAN segregation, and client isolation. We assess whether your corporate wireless network provides a realistic path to sensitive internal systems.
Testing of guest wireless segmentation to confirm it provides genuine network isolation — not just a separate SSID on the same underlying infrastructure. Guest network compromise is a common pivot point for lateral movement.
Identification of unauthorised access points within range of your facilities — including evil twin attacks, misconfigured IoT devices, and employee-deployed consumer equipment creating unmanaged wireless exposure.
Testing of wireless client behaviour — including PMKID attacks, KARMA attacks, and client-side deauthentication exploits. Particularly relevant for environments where staff use laptops in public or where BYOD is permitted.
Protocol-specific weakness identification — handshake capture and offline cracking for WPA/WPA2-PSK, TKIP weaknesses, WPA3 downgrade attacks, and 802.1X misconfiguration in enterprise deployments.
Signal coverage mapping to identify wireless exposure extending beyond your physical premises — car parks, adjacent buildings, and street-level — that could enable attacks without physical access to your facility.
Offensive Security Wireless Professional (OSWP) is a performance-based certification requiring hands-on demonstration of wireless attack capability against real target environments. Our testers hold OSWP alongside OSCP, OSWE, and OSCE — ensuring the wireless assessment is conducted by practitioners with genuine offensive security depth, not just wireless tool operators.
Who needs this
Wireless risk is often underestimated.
Wireless security assessments are particularly important for organisations where physical access to a site is a realistic threat vector — retail, hospitality, healthcare, professional services with client-facing offices, and any organisation with significant BYOD or contractor device usage.
Regulatory frameworks including APRA CPS 234, ISO 27001, and the Essential Eight don't specifically mandate wireless testing — but all require organisations to understand and manage their full attack surface. For most organisations with Wi-Fi infrastructure, that surface includes wireless.
Test what your
firewall can't see.
Discuss your wireless environment with us. We'll scope an assessment appropriate for your site configuration, regulatory obligations, and risk profile.