The Security Lifecycle Process
Nettitude's Penetration Testing & Vulnerability Assessment services are a core component of the Security
Lifecycle approach to building secure enterprise level business systems.
Security best practice recommends that organisations secure their infrastructure with Firewalls,
Proxies & Content Scanners. In addition, infrastructures should be monitored with Intrusion Detection &
Prevention Systems, and logs should be reviewed, with event analysis and pattern correlation being performed.
Security does not stand still. New vulnerabilities and exposures are announced every day, and as a consequence,
a system that is secure one day, can be insecure the next. Security best practice urges organisations to
"test" their infrastructure with both Vulnerability assessment and Penetration Testing services being conducted
as frequently as possible.
Penetration Testing services will provide documentary evidence about the environment's strengths and weaknesses.
In addition, where an exposure exists, a Penetration Test will arm an organisation with the information needed
to remove the risk, whilst also improving the overall topology for the future.
Report recommendations typically include details on website coding changes, configuration changes, topology changes,
and the implementation of new security controls. Advice and guidance is then provided on how this should be fed back
into the organisation's security policy, with improved security and monitoring services being implemented thereafter.
Without a comprehensive testing programme, an organisation will not stay abreast of the IT Security landscape.
Vulnerabilities, exposures and weaknesses are constantly being unleashed, and environments that remain untested
will be susceptible to viruses, hackers, and data theft. As a consequence, legislative controls such as Sarbaines
Oxley, ISO27001, FSA and PCI DSS, have made Penetration Testing a de-rigour component of an effective security
policy.