Uncover Hidden Vulnerabilities and Confidently Secure your Applications and Network
What is a Penetration Test ?
What is a Penetration Test ?
The testing process is layered, and performed in four stages:
- Gathering Information about targets (reconnaissance)
- Identifying and prioritising vulnerabilities
- Exploiting identified vulnerabilities to determine risk level
- Providing executive level reporting and actionable remediation strategies
Scope of the Service
Shearwater’s Application Testing covers Mobile Applications, Web Applications, and Web Services.
Shearwater’s Network Testing examines the security stance and procedures around network assets.
Through this type of testing, Shearwater can evaluate end users’ susceptibility to conduct attacker requested actions.
Benefits to Executive Management
- Independently verify your organisation’s security posture and processes
- Reduce risk and incorporate Information Security into your organisation’s overall risk management policy
- Avoid the high cost, legal ramifications, and damage to reputation that can result from information loss
- Leverage good security practices as a competitive advantage
- Ensure compliance with PCI DSS and other security standards
- Incorporate business objectives into your overall security program. Security management is fast becoming the domain of executive management, not just the internal IT team. In 2014, the CEO of Target resigned due to a data breach
Benefits to Internal Security Team
- Proactively harden your organisation’s IT Systems against malicious attacks
- Leverage Shearwater’s expertise which spans across government and private enterprise
- Access Shearwater’s comprehensive security report packed with prioritised actionable recommendations
- Validate security measures and processes against industry best practices
- Reduce time and costs associated with managing false positives produced by automated scans
- Gain independent verification of systems and configurations before they go live on your network
- Provide management with a proof of exploit, which outlines the assets that an attack can compromise
- Facilitate management’s approval of security expenditure and demonstrate ROI of existing security tools
“For us to be able to go to our clients and have a relationship in place with a company like Shearwater who lives and breathes security is immediately reassuring and goes a long way to giving them comfort. That definitely paid dividends for us from a brand, value proposition, and business development perspective.”
Shearwater: The Gold Standard in Penetration Testing
Here is how we raise the bar:
Shearwater offers in-depth executive level reporting which serves as a risk minimisation tool for management, and a technical document – listing vulnerabilities prioritised according to risk level – for the internal security team. The report also provides access to mitigation strategies based on Shearwater’s key insights into the cyber-threat landscape.
Post Engagement Follow Up
Our post engagement follow-up is an additional benefit that allows clients to engage us with questions, or seek guidance on issues referred to in our report.
The Open Web Application Security Project (OWASP)
The National Institute of Standards and Technology (NIST)
Source Security Testing Methodology Manual (OSSTMM)
Penetration Testing and Execution Standard (PTES)
Penetration Testing Framework
Australian Government Security Policies and Guidelines
We listen to our clients to understand their goals. Our team also alerts security staff – in real time – to critical vulnerabilities and threats discovered.