Our Testing and Reporting Process

Our testing and reporting process is quite similar for most of the penetration testing services we provide. This being said, we will be flexible and fit around the needs of any organisation or technology.

Where needed, we can adapt our testing process to fit around agile project management schedules. If required, we can fit into a team and work closely with software developers or security analysts. As is often requested, we can easily provide personalised or branded reports to supply to your customers following the test.

We also have the facility to provide up-to-the-minute, live reporting on larger tests. This allows developers to remediate any issues as they are identified and is particularly useful on time-sensitive or larger engagements.

Diagram of the pentest cycle; scoping, proposal, testing, reporting and after care.

The Testing Process

  1. Scoping

We consider a thorough and accurate scoping process key to ultimately delivering a high-quality service. Our expert consultants will work closely with you to fully understand your business, technology and requirements. This ensures we can produce a tailored service that satisfies, or ideally exceeds, your expectations.

  2. Proposal

Following a thorough scoping process, our recommendations on scope, approach, prerequisites and time requirements will all be documented in a proposal that details the specifications of a thorough engagement that meets your needs.

  3. Testing

Leading up to a test, our consultants will be in touch with you to ensure that all the prerequisites to a successful engagement are in place ahead of time. During the testing window, we will be in regular contact, providing progress updates and being available to answer any questions. Our testing approach is manual and aims to identify as many security vulnerabilities as possible during the time available.

  4. Reporting

We pride ourselves on our accurate, succinct reporting process. We aim for our report to be so much more than a dead document in your inbox. In addition to a formal report at the end of an engagement, with detailed remediation advice, we provide interim reporting during the engagement to notify you of vulnerabilities as they are discovered. Our results and remediation portal gives immediate insight into your assessment and aids in the remediation process.

We are willing to integrate further with your team and your ways of working by creating tickets for you, joining your Slack/chat channels, or any method of communication that suits you.

We can also supply a customer-facing report for you. These can be used to provide assurances to your internal and/or external stakeholders.

  5. After-care

We want to work with you for the long term, not just during our formal engagement with you. Our consultants will make themselves available to you and your team for any questions you might have about our engagement with you. We are also happy to provide support when it comes to remedial actions. This includes working with your internal teams and any external suppliers.

Black Box, Grey Box or White Box

We offer a wide range of testing services depending on the needs of your business. There are three main categories of security testing: black box, grey box and white box. Each method has its own advantages and disadvantages: 

  • Black box testing is a simulation of a real-life scenario where no privileged access is provided. The tester is given no information about the inner workings of the application. This type of testing is useful for finding threats and bugs which affect all users equally. It is also useful for finding issues with a program that cannot be fixed by changes to its source code, such as configuration problems.
  • Grey box testing is similar to black box testing, but we are provided with test user accounts and testers are given access to some information about how the application works. This may include things like documentation, specifications and design documents in order to test more thoroughly.
  • White box testing is similar to grey box testing but provides testers with full knowledge of how the application works, including its source code and additional design documentation where required. This is a very thorough form of testing and is the ideal method to ensure a thorough test.
See more about our security and testing services.

Enquire about our testing and reporting service

Get in touch to find out more or to arrange a scoping call.