Engaging with Hedgehog Security for your internal infrastructure penetration test will provide you with the following:
Prior to your test commencing, our penetration tester(s) will discuss the scope of work with you, so that a full understanding is obtained of what your Internet-facing network services are used for. This not only allows the test to run more efficiently but also allows the discovered vulnerabilities to be rated more accurately in terms of risk.
During the testing phase, our consultant(s) will engage directly with you – notifying you of any critical vulnerabilities that may be present within your infrastructure or any evidence in our results that may indicate a security breach may have already taken place.
Once the penetration test has been completed, you will be provided with the following:
Comprehensive Technical Report
Our clear & concise reporting format contains an Executive Summary that can be understood by all members of your organisation – including individuals who may be in management or non-technical roles. All vulnerabilities contain a sufficient level of technical detail, so that your development team and systems administrators can quickly pinpoint the root cause of the vulnerability and apply the recommended course of action.
Where applicable, we provide additional reference URLs for each vulnerability, so that further information on the vulnerabilities can be obtained from reputable sources of technical information.
Risk-Based Approach with CVSS Scoring
A risk-based approach is used throughout the report and all vulnerabilities are scored in line with CVSS (Common Vulnerability Scoring System). This allows the contents of the report to be fed into your own internal risk assessments and allows a plan to be developed to address the vulnerabilities which present the highest risk to your organisation.
Secure & Encrypted Test Portal
Due to the sensitive content which may be contained in our test reports, all test reports are delivered to our customers through a secure test portal. Our portal is highly encrypted and is tested on a regular basis.