Combined Infrastructure and Web Application Penetration Test

Description

Your challenge

Penetration testing is a best practice component of any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.

Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.” A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure and web applications. By conducting this test, you can:

• Avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
• Prevent breaches and subsequent regulatory fines
• Satisfy relevant regulatory requirements or legislation

Our service offering:

• A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
• Careful scoping of the test environment to establish the exact extent of the testing exercise.
• A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with the Open Source Security Testing Methodology (OSSTM).
• A series of automated vulnerability scans.
• Immediate notification of any critical vulnerabilities to help you take action quickly.
• A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
• A list of recommended countermeasures to address any identified vulnerabilities.
• An executive summary that explains what the risks mean in business terms.

Why choose us?

• We adopt an integrated approach in line with our recognised expertise in internationally adopted standards such as ISO 27001 and ISO 9001.
• You receive a tailored assessment that applies to your business and relevant threats, not a generic assessment of theoretical risks.
• You work with CREST-qualified consultants experienced in infrastructure and application penetration testing.
• We combine a number of advanced manual tests with automated vulnerability scans to ensure all critical vulnerabilities are identified.
• You receive a clear report that prioritises the risks relevant to your organisation so you can easily remediate any vulnerabilities.

Conditions

• The price is applicable for 20 externally facing IP addresses, and a single web application and database with up to 100 static web pages, or dynamic web pages using no more than five templates, or a combination of the two.
• Testing will be conducted with a single level of authentication provided that the pages are accessible without authentication.
• Testing will not include file upload testing.
• This test is available as either an internal or external test.
• Consultant expenses related to travelling, etc. are not included in the price.
• On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
• Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.
• The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).

Customer Reviews

(0# of Ratings:)