The term 'Penetration Test' has numerous guises and many interpretations. It's fair to say that the term encompasses a range of security testing services provided by a combination of consultants with varying levels of expertise and a plethora of tools. Penetration Test providers will often respond to an RFP (Request for Proposal) with services that essentially match the RFP but with a heavy bias towards the supplier's strengths, which can result in testing that provides no client benefit. All suppliers have financial targets, but some have tougher targets than others, which translates into assessments that often favour the supplier. None of the above paints a particularly rosy picture of the industry, and the fact that the industry is growing rapidly creates a massive draw to 'wannabe' security consultancies that lack experience but nevertheless want a slice of the action.
At Pentest Limited we take a different approach. Since 2001 our security consultants have performed many hundreds of security assessments. Our technical team will engage with a client much earlier in the sales cycle in order to understand the technical merits of the testing required but, more importantly, the business drivers behind the assessment. As experts in this field, it is our job to challenge preconceptions and ask difficult questions so that our client can make the right decision when it comes to spending valuable security budget. Unashamedly, we lean towards application security testing, universally accepted as the most difficult and demanding subdivision of 'Penetration Testing'. Our clients are passionate about the security of their applications. Many are world leaders in the development and delivery of high-quality applications with a global customer base and have a vested interest in the security of the products that have been scrutinised by our consultants.
Pentest has one of the largest and most experienced application testing teams in the world. Many 'Security Consultancies' exist with larger teams, but typically these teams consist mostly of 'Infrastructure Testers'. Within our client base, most large corporations use mature and robust products, tools, methodologies, logging systems, audit points and external consultants to confirm their infrastructure is secure. Almost invariably the 'touch points' to the web are well hardened. This explains why most security consultancies claim that 'Security' is improving. The fact that our consultants specialise in application testing explains why, by our definition, we see the opposite trend.
Pentest’s work is not just about finding vulnerabilities! Thanks to their ability to clearly interpret and communicate their findings, Pentest researchers play a role in educating Oracle developers about current and emerging security threats that customers will face in “real-life” deployments.
Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.