CodeMash - a unique event for developers Read more
Penetration testing simulates an attacker gaining unauthorized access to a computer or network resource, giving customers important information on any weak points in their systems or within their organization and also showing them what can be done to improve their security.
Compass Security really values working in close collaboration with you. This is the only way we can guarantee the quality of the results when working in such a sensitive field as this. Whilst each customer’s project is tailored to their specific needs, each project follows a similar template. This is outlined below.
We will discuss your ideas, questions and expectations for this project in detail. The goal here is to understand your requirements and to agree on a sensible testing strategy. Compass is also able to advise you on possible project add-ons or alternatives as well as more efficient testing procedures.
Different goals can be pursued using penetration tests, for instance:
An initial kick-off meeting gives another opportunity to agree on setting goals and communication channels as well as for exchanging pre-prepared data. The success and efficiency of penetration tests require a little bit of extra work on your part.
The method applied during your project is obviously heavily influenced by the exact nature of the agreed scope and therefore varies enormously depending on your requirements. However, we consider it our responsibility to inform you immediately if we discover any particularly severe vulnerabilities in your systems. This ensures that such serious issues do not remain buried until the report is released to you and can instead be acted upon immediately.
A comprehensive report is created for each project which documents the tests in a reproducible manner. The report is structured in such a way to give both your management teams as well as your tech teams a clear view of the findings. The report lists weak points as well as suitable countermeasures and gives you a handle of the issues in order to classify the findings and evaluate the actual risk.
Major findings are presented in a debriefing meeting. This also gives you another opportunity to verify the actual risk and to propose possible alternative countermeasures.
We are more than happy to discuss your personal requirements. Do not hesitate to get in touch.
The editorial staff of the Unternehmerzeitung has taken up the topic of cyber security again and in an interview sheds light on how the cooperation... Read more
Lukasz D. has identified a remote code execution vulnerability in the Human-Aware Data Acquisition (HADatAc) framework. Read more
In the advanced training course BSLB / RAV / IV of the HSR Hochschule für Technik the topic "Opportunities and risks of digitalization and the labour... Read more
Have you ever said something and later regretted it? Or written an email to someone and then wished it had not happened? Or sent an SMS message but afterward desired to change its content? Well,... mehr
Contents Introduction Attack Overview Step-by-Step Detection Email Clients Administration Tools Exchange Compliance Features MAPI Editor Eradication Microsoft Security Response Center Swiss Cyber... mehr