Security Testing
Savvy Security Testing provides you with a full understanding of the technical vulnerabilities within your security ecosystem and informs control effectiveness and the level of risk held by the business.
This can be considered a proactive measure to identify asset vulnerabilities in a safe, controlled manner and can support the business by:
- Making an assessment of business-critical applications, systems and services and their performance.
- Identifying vulnerabilities and suggested mitigations.
- Informing business risks
- Identify potential legal and regulatory non-compliance.
- Inform security incident response
Alongside our Savvy Assessment and Audit services, specialised technical assessments include:
Penetration Testing (PT)
Also known as ‘Pen Testing’, is the practice of actively trying to uncover and exploit vulnerabilities within a business’s security ecosystem. This method sees ‘ethical hackers’ testing all infrastructure elements from Servers and Routers to Switches, Firewalls and Endpoints, such as PCs and Laptops.
PT enables organisations to validate their security ecosystem from both an ‘internal’ and ‘external’ perspective.
Vulnerability Assessment (VA)
A VA aims to define, identify, classify and prioritise vulnerabilities in computer systems, applications and network infrastructure and recommend the appropriate mitigation or remediation to reduce or remove the risks.
This service provides the business with the necessary knowledge, awareness and risk backgrounds to understand and react to threats to its environment.
PT or VA?
A VA often includes a component of PT to identify vulnerabilities in an organisation’s personnel, procedures or processes. However, these vulnerabilities may not be detectable with network or system scans! Despite this, PT is not sufficient as a complete VA and is, in fact, a separate process.
In contrast, PT involves identifying network vulnerabilities before attempting to exploit them to attack the system. Although sometimes carried out in concert with VA, the primary aim of a PT is to confirm if the vulnerability exists. In a sense proving the theory.
While a vulnerability assessment is usually automated to cover a wide variety of unpatched vulnerabilities, penetration testing generally combines automated and manual techniques to help testers delve further into the vulnerabilities and exploit them to gain access to the network in a controlled environment.
A VA often includes a component of PT to identify vulnerabilities in an organisation’s personnel, procedures or processes. However, these vulnerabilities may not be detectable with network or system scans! Despite this, PT is not sufficient as a complete VA and is, in fact, a separate process.
In contrast, PT involves identifying network vulnerabilities before attempting to exploit them to attack the system. Although sometimes carried out in concert with VA, the primary aim of a PT is to confirm if the vulnerability exists. In a sense proving the theory.
While a vulnerability assessment is usually automated to cover a wide variety of unpatched vulnerabilities, penetration testing generally combines automated and manual techniques to help testers delve further into the vulnerabilities and exploit them to gain access to the network in a controlled environment.
- Penetration Testing
- Vulnerability assessment
Don't wait until it's too late to secure your business
If you have any queries about how we can help you manage your cybersecurity, get in touch today!
Toby, CEO and Strategic Director and Hannah, Managing Director
