Security Penetration Testing is a method to test and confirm whether it is possible to bypass the security controls protecting a particular information asset and achieve a particular goal.
This goal is to prove what you
want to happen, is in fact possible. Can an internal
strategy document be
accessed, can a customer credit card number or client details be
retrieved or modified from the database.
We do our penetration testing a little different than others - we think it's a better approach;
First of all we don't go into the same technical depth as some other companies - our view is that the majority of security breaches (for most clients) are from technically simple flaws and not difficult ones.
We search for the most likely way others
could bypass your security, concentrating solely on a single
is not necessarily real world. Depending on our threat and
vulnerability analysis, our methods may vary considerably and we ensure
our clients are comfortable with our approach.
As part of the scoping phase with our client we provide an estimate of how much time we will be spending in each threat area eg Insider 30%, Non-technical 40%, Technical 20%, Sophisticated 10%. This ensures that we are accurately representing the potential adversaries and their chance of success is aligned to ours.
The service helps you to improve your resistance to security attacks and strengthens your detection and response capabilities.