Penetration Testing and Security Assessments
Activity consultants follow a bespoke methodology when performing security assessments.
Activity’s methodology utilises common and consistent methods that builds on industry standards for security assessments activities, such as CHECK, the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP) and the Council of Registered Ethical Security Testers (CREST).
Our security testing services delivery process is fully integrated into our ISO27001 and ISO9001 security and quality management systems providing our clients with confidence in the quality of our service and that we treat their information securely.
Our services are accredited under the CREST and CESG CHECK schemes providing our clients with assurance in the quality, expertise and professionalism of the penetration and security testing services that we provide. Our approach during the security assessment is to work closely with clients ensuring that there is minimal impact on their systems during the assessment.
Our services include, but are not limited to:
- ITHC (CHECK Testing)
- Application Security Testing
- Network Penetration Testing
- Network Vulnerability Assessments
- Wireless Network Security Testing
- Mobile Device Security Testing
- Host Security Configuration Assessments
The results of all security testing assignments are documented in a comprehensive report that includes the following:
- An executive summary that gives a business level summary of the findings and their impact
- A technical summary that prioritises the key areas of risk found
- An analysis of the findings against relevant security best practice
- Details of all testing conducted and the tools and techniques used
- Detailed descriptions of findings for all vulnerabilities identified and an indicative level of risk to the client and/or system assessed along with recommended remedial action
- Screenshots and tool outputs and other supporting evidence for each vulnerability included as an appendix to the report. Activity will also conduct a wash-up meeting after delivery of the assessment to discuss further any findings or provide further information on remedial action.
