IDsec Limited
Our Approach to Penetration Testing
Feel Good About Your Network
IDsec Limited
31-33 College Road
Harrow, Middlesex
HA1 1EJ
United Kingdom

T: 020 8861 2001
F: 020 8861 3433
www.idsec.co.uk

Copyright © 2008 IDsec Ltd 5.08


Our consultants have carried out dozens of assignments, for large and small organizations across all sectors, and we know what customers expect from a penetration test.
Tailored
There is no such thing as a standard penetration test: all clients have their own needs, reflecting threats and vulnerabilities as well as budget constraints. We make sure that our services meet real needs by treating each audit as a project in its own right.

This includes providing a full proposal for all work (however small), holding clarification and set-up meetings as appropriate, and continuing the liaison throughout the active testing work.

Supported
Individual audits need to be backed by detailed technical knowledge. Each project that we carry out includes at least one member with several years' penetration testing experience, gained on a number of assignments covering a range of target types. Beyond the immediate participants, the company offers full technical back-up.

Transparent
Results and recommendations are only of real value if they are based on a clearly specified approach, with the results and reasoning available for inspection. Our methodology and reporting style carefully separate issues, evidence and conclusions.

Authoritative
For our clients to have confidence in the findings, false positives and other noise must be removed from the presented results: in fact, most of our effort is expended after any scanning tools have been run.

Careful analysis confirms any notified vulnerabilities and also teases out any false negatives: cases where automated tools have not found any issues but wider knowledge of the target system raises suspicions that need to be followed up.

It is also important to emphasise real issues that could be exploited in the target's environment, rather than theoretical vulnerabilities where the risk is minimal.

Constructive
Our reports give specific and relevant advice, presented clearly and concisely. Although many security vulnerabilities appear time and time again, we review each issue afresh each time it occurs, using our own knowledge plus research findings to present it in context.

Extensive
Testing is often provided as part of a wider security initiative, and our clients expect more than a narrow focus on finding specific holes. We offer a wider perspective by making use of our practical experience in other network security fields, including intrusion protection, firewall configuration, and UNIX and Windows system management.

In some cases, we also uncover and report issues that fall outside the strict network security brief but which are nevertheless of real interest to client staff.