First, find your pentest purpose
A penetration test shouldn’t be a pre-packaged exercise. Vital Advisory work with you to ensure that your pentest is the right tool, effectively structured, with the right scope to achieve your business and security objectives.
Penetration tests are frequently deployed as tick-a-box responses to a client’s security questionnaire, or applied exclusively against a new block of code without consideration of the full context within which that code operates.
By examining your security and business context, we provide informed advice on the appropriate scope and type of penetration exercise for your specific situation. By tailoring the test, meaningful and cost effective insights into your security are achieved and blindspots are not ignored.
Next, determine your scope
Determining the right scope for your pentest is key to finding the balance point between effectiveness and cost. By first understanding your security context, we can help you find the right scope definition to cover:
+ Infrastructure and Cloud elements
+ Networks, firewalls and WiFi
+ Services, applications and mobile apps
+ Code bases
+ Business processes and staff
+ Physical security
We also examine the business value and technical footprint of your information resources to recommend the appropriate focus, number of days and penetration team members to be involved in the test exercise. This limits costs, but ensures your defences are thoroughly challenged.
Test, report and mitigate
Once your scope test parameters are agreed, our test team proceed with using a combination of human and automated agents to examine how well protected your systems and information assets really are.
Upon completion of the test exercise, we provide you with reports tailored for both senior management and technical staff, so that you can quickly understand and act upon findings. Direct presentations from the Pentest Team to managers and IT staff are available to step through the report and help you understand the significance of issues and receive guidance on their remediation.
With the detailed report findings, you can now act to address issues uncovered. Our Pentest Team are available to assess the success of corrective actions or new controls and provide assurance to senior management, clients and partners that you take the security of their data seriously.
If you’d like to discuss how Penetration Testing can provide assurance to your IT operations, please contact Paras Shah on +61 420 978 258.