Security and Penetration Testing
Web site or web application penetration test
Using a combination of automated and manual approaches, we test the target site or application and produce a comprehensive report digestible to both management and technical personnel.
The report will provide an executive summary describing the overall security posture of the assessed infrastructure and applications and will also detail each individual weakness, with a judgement on the impact if exploited, difficulty of exploit, and overall risk posed.
The report will include detail on each of the weaknesses found, described in terms of the technical reason that created it, and what could be achieved if an attacker exploited it. It will also include remediation advice and any relevant supporting material required to understand any of the above.
“Always on” security monitoring
Because your systems are always changing, we perform frequent baseline assessments of your digital assets, to identify newly introduced weaknesses. We can issue notifications for newly released vulnerabilities that could be used to breach your systems.
Expert penetration testers reduce false positives and investigate potential issues, while smart use of automation makes regular assessments possible. We explain issues and remediation advice in clear and concise language.
The penetration testing methodology frequently used is in line with the guidance of the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP). We have consultants who are accredited as CHECK Team Leaders. Achieving CHECK accreditation is a major milestone in a tester’s development and typically complements an existing CREST and/or ISO accreditation. CHECK is the UK’s most highly regarded qualification for a penetration tester.
- a detailed report, along with an executive summary, discussing the implications and business impact of the present security risks.
- code-level analysis of the reasons for the current security threats and remedial action.
- presentation, discussion and recommendations for action, taking into account the site or application architecture, typical use and any known growth predictions.