Automated Penetration Testing
In many situations an automated penetration test provides a faster and more cost effective means to discover known exploitable vulnerabilities in your attack surface than a traditional manual network penetration test.
Security is fundamentally a weakest link problem, if you have an exploitable known vulnerability that provides a way into your network then it is highly likely that an attacker will try that route first. In this scenario, spending time and money on a comprehensive manual penetration test will provide no incremental benefit over an automated test.
Our standard automated penetration test offering includes:
Internal use of our EdgeScope tool to perform a detailed analysis of your Internet facing attack surface. Depending on the scope of the engagement we can limit this to a specific location, set of technologies, or subsidiary organisation.
Any identified software assets are then cross referenced using the NIST National Vulnerability Database, the CISA Known exploited vulnerabilities catalog and our internal set of known active threats. The results of this are manually triaged and risk assessed to ensure that the resulting set of vulnerabilities are valid issues that impact assets within the scope of the engagement.
An overview of the discovered attack surface and the collated set of identified risks are then delivered in a final report.
As with any penetration test engagement, the scope, depth and areas of focus can be tailored to meet your needs. We can also conduct these engagements from a zero-knowledge perspective, in this case we will select the scope and focus to gain the best level of coverage against currently known threats and active exploits.
If you are looking for an in-depth analysis of a custom application then a manual penetration test or application level security review is likely to be more effective. We are committed to providing objective guidance on the best way forward for your organisation so if you need any help then please get in touch.