Infrastructure penetration testing

Infrastructure penetration testing focuses on the security of both the application environment and the supporting infrastructure, including third-party services and applications. The testing is performed with a combination of manual and automated techniques, tailored for the specific environment.
To maintain a consistent testing process, we rely on industry-standard best practices and methodologies, like OSSTMM (Open Source Security Testing Methodology Manual), NIST and ISACA penetration testing and auditing standards and guidelines, PCI SSC penetration testing guidelines, while also using our own methodologies, developed over years of experience. Usually, infrastructure penetration testing is required to pass security certifications like PCI DSS, so we make sure our testing processes and methodologies are compliant to the standards required by the Customer.

Case study: Automated testing

The most important factor that drives test automation is the short development cycle. Agile teams have only a few weeks to get a grasp of the requirement, make the code changes, and test the changes. If all testing were to be done manually, the time required would surpass the actual development time. Alternatively, testing would have to be hurried, thus compromising on quality.