Using the vulnerability assessment results, our analysts attempt to use the identified security weaknesses to bypass system controls.
This assists the analysts in determining how a system may be compromised and where additional safeguards are needed.
A vulnerability assessment identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit those vulnerabilities to determine whether unauthorized access or other malicious activity is possible.
Penetration testing includes network penetration testing and application security testing, as well as the controls and processes around the networks and applications. It should occur both from outside the network trying to come in (external testing) and from inside the network.
At the conclusion of testing, Cautela Labs will deliver finding reports that detail specific findings. Finding reports are suitable for internal distribution and are intended to provide you with the information needed to begin remediation.
These reports can be used for compliance reporting, and the penetration test itself can be performed on demand or as part of a regularly scheduled plan.
Compliance-driven organizations include regularly scheduled penetration testing as part of their ongoing compliance process.