Testing looks at the application from an attacker's point of view. It tests not only the application itself but can also show up weaknesses in the deployment of the application and its infrastructure. This testing typically uses a combination of automated tools and manual testing to fully probe how the application reacts to unexpected inputs and events.
Why do it?
When your site is under attack, you can't afford the time to learn those security skills you've been putting off. As more companies and people are connected to the Internet, the numbers of hacking incidents are growing. With greater numbers of users surfing, more hackers are appearing, knowledge is being shared across the net and fledgling hackers ('script kiddies') are learning faster as exploits are published without any apparent control.
Yet security saves money! Many companies pay three times over for insecurity. Losses are suffered through security failure; costs are incurred recovering from the incident; followed by more costs to secure systems and prevent further failure. There is direct financial benefit from good security and indirect savings as well.
When should you do it?
Unless you have performed one recently, and have amended all known vulnerabilities, the time to do it is now. Because your network is a constantly changing environment, every time you make a change in your system you run the risk of opening up new holes. Therefore the need to constantly keep a security policy up to date is imperative. Security is not a once off issue. Systech offer a penetration service that can include ongoing testing throughout the year, specific to the needs of each customer.
Why do it?
- Peace of mind
- Independent assessment by security experts
- Confirmation of security status
- Detect new vulnerabilities in a timely manner
- Highlights vulnerabilities introduced by change
- Detect configuration errors
- Compliance with best practice - Legal mitigation
- Risks associated with user activity
- Cyber liability insurance benefit