Application Security Assessment Services are individually tailored to the customer. The scope of the testing can range from a three-day remote web application test to many weeks of on-site, detailed investigation into one aspect of an application by a team of three or four consultants.
After an initial fact-finding and project scoping exercise with the Pentest project lead consultant and the client, a team of highly skilled consultants with complementary skill sets is typically assembled for the engagement. This ensures that the team's knowledge, expertise and tool set offer complete coverage of the systems being tested, leaving no stone unturned.
Consultants engaged in time-limited web application tests will use attack methods and vulnerabilities in common use, our own in-house tools and established testing methodologies. Pentest consultants will simulate the skill level of the potential attacker, ranging from script kiddie to informed and highly skilled insider. This approach offers a far more realistic attack simulation than that offered by running a commercial vulnerability analysis tool. The automated tool approach used by some security consultancies has the benefit of being cost-effective to run; however, this approach is aimed at the masses and is the equivalent of a scattergun approach, generating long and largely irrelevant reports. This method is unlikely to point the consultant towards the vulnerabilities representing the greatest threat to a client.
On completion of the test the client receives a report detailing the attack methods used by the team and an analysis of their findings. The report will also provide an assessment of the level of risk presented by the vulnerabilities found and recommendations for remedial work. Finally, Pentest presents a summary of findings to management and appropriate technical groups, highlighting the relevant issues, supported by the technical content of the report.
Working in this way, Pentest consultants are able to disseminate knowledge to our clients, leaving them more informed and consequently more adept at dealing with future issues as they arise.
Pentest’s work is not just about finding vulnerabilities! Thanks to their ability to clearly interpret and communicate their findings, Pentest researchers play a role in educating Oracle developers about current and emerging security threats that customers will face in “real-life” deployments.
Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.