Security & Penetration Testing

A best practice approach to security includes regular assessment of the risk of unauthorised penetration of your corporate perimeter. This should as a minimum encompass an independently conducted penetration test on an annual basis and after significant change. However, with the constant threat of the impact of data loss, ID theft, and fraud; including direct and indirect consequences such as financial penalties and even the threat of prison terms, this is generally considered insufficient.

To understand why this is so, consider that every year in the order of 8,000 vulnerabilities are discovered in commercial software. While most of these large numbers of vulnerabilities will probably not affect your organisation’s infrastructure, even if only one percent impact your environment, your organisation could be exposed to a significant risk (statistically twenty per quarter, or almost seven per month on average). Can you afford to wait up to a year to check for this eventuality?

Network & application testing services

As a CREST company, commissum’s methodology applies proven, consistent methods that build on industry standards, including the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP) and the Council of Registered Ethical Security Testers (CREST).

These testing services, accredited under the CREST scheme, provide clients with a high level of assurance of the quality, expertise and professionalism of the penetration and security testing services that are provided.

Our services include, but are not limited to:

• Networks and Infrastructure, including wireless
• Web applications
• Monthly Managed Vulernability Assessments
• Mobile Device Testing
• Code Review

• Penetration Testing
• CREST Testing
• Application Testing
• Enterprise Application Assurance
• Network Vulnerability Assessment
• PCI DSS Testing
• Code Review
• Mobile Device Security
• Wireless Security