FAQs
A lot of what you would regularly want to know is probably here, but if not, feel free to contact us via:
- Live Chat
- Email
- Contact Form
Wait a minute.. Aren't "Security Assessment" and "Penetration Testing" one and the same thing?
Penetration Testing and Security Assessment are not the same thing by definition.

A Penetration Test is a tool that is frequently used to simulate an actual cyber attack. The test starts with regular access (such as a domain or basic user) and ends in one of three cases:
- The pen-tester got to the highest privilege possible.
- The pen-tester discovered a critical vulnerability, which he/she considers sufficient.
- The pen-tester concludes that he/she exhausted all options to further exploit the system.

Surely, a Penetration Test will simulate an impressive "Proof of Concept", but unfortunately, it will yield far fewer discovered vulnerabilities (findings).
So by itself, it will only generally answer the questions "is my system secured?" and roughly "how bad is it?".

It is important to stress that a Penetration Test cannot, and effectively will not, ensure sufficient infrastructure security.
An infrastructure that relies upon Penetration Testing for its security is exposed by the mere definition of a Penetration Test.
Knowing this, most companies use a combination of Security Assessment and Penetration Test, one after another, in order to maximize the benefit of both worlds.
The good news: your team is absolutely fine. The bad news: your team has probably got some non-technical or mitigation steps on their hands.
Your technical personnel can't be at fault for not knowing how to address a general mitigation step such as "Install Web Application Firewall" or "Set up a Key Management System". These fancy titles sometimes have nothing to do with an average developer, or even with cloud engineers and DevOps.

So either you spend more resources and deal with it yourself, or you get an Implementation Plan with your Security Assessment, free of charge.

Would you like to know more? Read More About Implementation Plans