A key component of any assurance program is testing for security vulnerabilities and potential weaknesses that may allow a malicious party unauthorised access to an organisation. After a significant change in your system or application, testing should be conducted to ensure that new vulnerabilities or security issues have not been introduced. Testing after significant change is a critical step in the Systems Development Lifecycle (SDLC) that seeks to identify risk or potential risks in the system under development.

Foresight can provide a range of penetration testing and vulnerability assessment services for your organization, using an assessment methodology derived from well known and accepted sources such as PCI-DSS, OWASP, NIST, and OSSTMM.

Penetration testing provides management with the opportunity to conduct in-depth, detailed interrogation of configuration parameters to identify potential vulnerabilities and inadequacies in security configuration through simulated cyber exploitation. Penetration testing can be conducted on various infrastructure components and systems from both an internal and external perspective.

A vulnerability assessment provides invaluable information and evidence to assist management in identifying those areas in IT security that require improvement and re-configuration. A vulnerability assessment actively scans and probes, but does not exploit identified vulnerabilities.

Foresight’s certified personnel have experience in conducting:

  • network-layer penetration tests
  • application-layer penetration tests
  • Internet Gateway penetration tests
  • web application penetration tests
  • cloud infrastructure penetration tests
  • network and system vulnerability assessments

Whether an assessment may involve one or a combination of the above activities, Foresight can customise a test schedule specifically for your system or application. Assessments may be performed as either minimal disclosure (“black box” or “grey box”), i.e. with Foresight given limited information about the client’s systems and infrastructure, full-disclosure (“crystal box”), or a combination as required.

Our approach to testing ensures you receive a focused, non-cookie-cutter assessment that identifies and rates both the risks to your business, as well as technical findings and recommendations for remediation.

For more information on how Foresight’s penetration testing and vulnerability scanning services can benefit your organisation, please contact us at info@foresightconsulting.com.au.