Any decent penetration testing supplier would want to know as much as possible about the system that you have asked them to security test. However, they should start by finding out about your motivation for requesting a penetration test. Penetration testers are naturally interested in the technology you’ve used, but they should be penetration testing your system by getting into the mind of your attackers and targeting the information you’re trying to protect.
Try to give your penetration testers as much information as possible about why you’re requesting a penetration test and who your threats may be. To scope as accurately as possible, try to determine the potential risk to the system – this will then determine your budget for the security test. Reputable penetration testing suppliers should be able to help you with an understanding of the different approaches for security testing and what would be suitable for a system of the size and type that you have.
If you haven’t got a formal risk assessment process, here are some of the questions you can think about and provide the penetration testing supplier with the answers to. Think about the following:
What are your main security concerns?
- Stealing credit card data
- Website defacement
- Stealing user’s personal information
- Gain access to the backend systems
- Commit fraud. E.g. buying items for less than advertise
Who are your likely attackers?
- Unknown attackers from the internet?
- “Trusted” users. E.g. employees, customers.
- 3rd Parties and your supply chain
What kind of information do you store and process?
- Employee data
- Customer data
- Credit card data
- Intellectual property
The Security Bureau takes this approach further where we try to understand your business and understand what you could stand to lose should you be affected by an incident. Our experience means that we can help to reduce their risk to the right level.
Contact us to find out more about our approach and how effective it is. Our email address is firstname.lastname@example.org or feel free to contact us on 01273 855 269.