Frequently Asked Questions

Penetration testing is a method used to identify and exploit vulnerabilities found in your digital systems that could be used by an attacker to compromise your organisation. The end goal is to establish what risks are posed to the business, that when addressed, will enhance your overall security posture.

There are a variety of security assessments that can be performed but the most common are Network Infrastructure and Web Application assessments which provide a good starting point for any business looking to secure its digital presence.

The importance of these types of security assessments are paramount, should a compromise occur, as this could result in significant financial and reputable damages. Pen testing and security assessments are also essential for compliance and are a mandatory requirement by various regulatory bodies including the PCI DSS for businesses handling credit card information.

Performing regular penetration tests can help:

• Identify and resolve vulnerabilities preventing future compromise
• Follow industry best practices such as PCI DSS and GDPR compliance
• Assess implemented security controls
• Demonstrate to customers and prospects a continued commitment to security
• Help in educating staff and improving awareness of cyber security risks

The cost of a penetration test depends on multiple variables such as complexity and overall scale of the assessment. With fewer overheads and streamlined delivery we are able to offer a service that is tailored to the clients needs, which in-turn helps us to deliver a cost effective service.

It is good practice to perform annual penetration tests. However, a pen test should be performed more regularly whenever the following occurs:

• When alterations to infrastructure have been made
• Any mergers or acquisitions that are taking place
• Preparing for compliance
• Newly introduced or changes to applications

The time taken to deliver a pen test varies depending on the scope of the assessment. This for instance will depend on factors such as network size or the complexity of an application. Other factors such as ensuring all pre-requisites are met before the engagement commences can also influence the time taken to complete a pen test.

If your business is reliant on networked infrastructure and does not use applications to sell or distribute products for instance, then you may only require an infrastructure assessment. If however, your core business primarily uses applications for daily interaction then an application assessment may be best suited for you.

Vulnerability Scanning uses automated scan methods to identify vulnerabilities. With a Pen Test the approach is far more targeted and in-depth using manual techniques combined with various pen testing tools to identify weak points.

Rego’s penetration testers use a wide range of both open source and commercial pen testing tools to perform in-depth assessments. This allows our team to identify, analyse and exploit both zero-day and more commonly found vulnerabilities.