Managed Security Testing
CREST Accredited, Application Security Testing Specialists
Overview
Need regular penetration testing?
If you have regular penetration testing requirements, talk to us about a Managed Security Testing contract. The process is simple and avoids the traditional procurement headaches you may experience when trying to commission individual engagements.
How does it work?
You pre-purchase a block of testing days (the number is up to you) and we add these to your account. You consume these days as and when required throughout the year, and we debit the required number of days from your balance until it is either exhausted or you top up with some more. The procurement process is massively simplified, as you only need to go through it once rather than for every test.
You get complete visibility of your current account balance and can schedule tests at short notice (subject to testing team availability) or plan them well in advance based on expected changes or software releases, for example. This provides easy management of your security testing budget and can help to place the focus on critical areas when planning out how best to allocate the testing days.
We work together to scope upcoming tests, which greatly increases the flexibility that can be achieved in a test. Rather than one big annual test, we can perform incremental tests in line with your release cycle. For example, maybe you release an update every quarter. We could scope a test to focus on just the changes since the previous release we tested. This might even be a one-day test, something you might not consider when it will take you ten days to get it past Finance!
Benefits
Budget Friendly
Manage your security testing spend over the financial year with ease.
Faster Engagements
No delays waiting for financial authorisation. Book an engagement from your account balance and we can get testing.
Trend Analysis
Our Managed Security Testing clients can benefit from trend analysis. If we’re testing the same systems or applications on multiple occasions we can identify common weak areas and give more targeted recommendations.
Targeted Small Tests
Want us to test something specific that will involve only a short test? Freedom from the overhead of purchasing delays means quick ad-hoc engagements are easy to schedule, getting you assurance fast.
What To Expect
The Process
The engagement process for a Managed Security Test is pretty much the same as for a regular penetration test. We still work with you to define the requirements of the test and identify the effort required to deliver it. However, rather than a full proposal, we issue a task order: essentially a cut-down proposal that focuses on the details of what will be delivered, the number of days it will require and how many days this will leave in your account balance.
Once you’re happy with the approach we will schedule it as normal and deliver in our usual no-nonsense, communicative fashion.
Extras
Managed Security Testing provides us with the opportunity to trend your performance over time if you would like. All our reports come with root cause analysis as standard but we can begin to extrapolate this data over multiple tests of the same application, or by the same development team, to help you build meaningful, data-backed KPIs and identify areas to focus on improving.
As a bonus for our Managed Security Testing clients, we also offer complimentary targeted retesting for issues identified.
Pre-Test
- Confirmation of scope
- Escalation process agreed
- Test Authorisation
- Communication requirements agreed
Testing
- Enumeration
- Vulnerability Identification
- Exploitation
- Post-Exploitation
- Regular Testing Updates As Agreed
Reporting
- Report Completed By Lead Tester
- Issues Rated By Impact & Exploitability
- Root Cause Analysis
- Internal QA Prior To Issue
Review
- Optional Wash-up Call
- Post-Test Support For Recommendations
- Arrange Re-testing If Required
Next Steps
3 Warren Yard, Warren Park, Stratford Road, MILTON KEYNES MK12 5NW, England