Penetration Testing is invariably mis-sold or badly specified. Many people confuse this with a vulnerability assessment and often don’t understand what they are buying or why. Compliance often drives the need and budget too often dictates the scope. Good penetration testers are rare and expensive. You want the best, in the hope that a potential attacker is not better. In reality the best can be expensive and many organisations focus on budget without considering the risk.
Pen Testing is finally being disrupted thanks to Automated Pen Testing tools that take the human effort out of attacking infrastructure. Leaving the talented humans to focus their efforts on applications, APIs and the more interesting attack stories. Our approach to Pen Testing is different. To deliver value from a one-time engagement we have adopted a three stage approach –
- Prepare by spending the time to understand the assets in scope, who might come after them and how they might do this. From this we develop the Attack Stories that we will use
- Execute all the Attack Stories possible using APT technology
- Focus our talented humans on the remaining Attack Stories
- What’s included?
- Workshop to understand scope and develop attack stories specific to your organisation
- Automated Pen Testing of infrastructure
- Talented human pen testers to simulate external attack stories
- What do you get?
- A cost-effective pen test, designed for your risk and budget
- Cost-effective service through APT technology blended with humans
- A concise report detailing the attack stories, how they were executed and the results