VULNERABILITY MANAGEMENT AND PEN TESTING

Penetration Testing

Having a working methodology for vulnerability management and penetration testing is essential in the modern techy world. If you don't know where your weaknesses are, you cannot remain as secure as you possibly can. Vulnerability management can take the form of self-service scanning, automated scanning, managed scanning, or a testing program. Gone are the days of once-a-year penetration testing being sufficient; companies need to be smarter and more efficient.

Vulnerability Management Program

A vulnerability management program is the most cost-effective option for creating a high-level program around infrastructure security. This can mean getting your own scanning platform internally to run when required, using automated scanning tools, or having a certified tester perform scans.

Your vulnerability management program needs to be fit for purpose, and works around a more in-depth penetration test. Think of it as a regular service, with a penetration test as the MOT.

Infrastructure

Infrastructure testing is an in-depth look at the state of play of a company's current configuration. This can be against external, public-facing infrastructure, or an internal assessment of the corporate office and network setup.

A penetration test combines both automated tools and manual techniques to ensure a comprehensive and realistic assessment is performed.

All testers and companies utilised by YorCyberSec are CREST and/or CHECK certified, ensuring the highest quality of testing is performed.

Secure Build Review

Performing a secure build review is becoming more important as remote working and working on the go increase. How would a laptop or mobile device hold up if tested? If a member of staff lost one or had one stolen, could company data be taken from the device?

These assessments are done to CIS Benchmarks and Controls, giving confidence in the quality and assurance provided.

Application Testing

Outside of phishing attacks, web apps are the easiest target for hackers seeking access to confidential back-end data, as they are available to users 24/7.

Application testing is an essential test for most organisations, especially if there is any form of login, purchasing, or uploading functionality. At YorCyberSec we ensure we bring in the right specialist with the correct skillset for each test. All application testing follows OWASP standards to ensure the highest quality.