Whatever your reasons for seeking to conduct Risk or Vulnerability Assessment, a Stress or Penetration Test: regulatory, compliance, internal policy, etc., we would be pleased to avail you of our quality services in the execution of these tests as we leverage on our experience conducting technical security assessments for organisations in diverse industries
Our Security Assessments are based on best practice methodologies such as the Open Source Security Testing Methodology (OSSTMM), Open Web Application Security Project (OWASP) project, Penetration Testing Execution Standard (PTES), and the US National Institute of Standards and Technology (NIST) Technical guide to information security testing and assessment Special Publication 800-115. The application of these best practice methodologies, along with the accumulated knowledge and practical experience of our consultants from diverse IT backgrounds, ensure a focus on establishing the security weaknesses, defects, or flaws existent in your firm’s people, processes, and technologies with a view to mitigate and/or remediate these vulnerabilities with appropriate countermeasures and controls to attain an improved information security posture.
Our approach to a meaningful penetration test will commence with:
- An intelligence gathering exercise where information concerning the people, processes, and technologies earmarked for the exercise would be gathered and analysed.
- The conduct of a vulnerability assessment on the information assets whereby we would seek to confirm the existence of applicable vulnerabilities.
- Vulnerabilities confirmed, we would seek to exploit them using various security techniques and tools.
- Once the vulnerabilities have been exploited, our final exercise would be a risk assessment whereby we would rank the vulnerabilities based on the ease of exploitation and damage to your organisation if exploited, among other parameters.
- Finally, we would submit reports listing our key findings and observations alongside an actionable roadmap with recommended timelines.
Overall, all our approach to the penetration test exercise would be based on best practice project management methodologies.