Contact: +44 (0)1273 454525 | info@firstbase.co.uk

About Penetration Testing & Vulnerability Assessment / Analysis

Below we have tried to answer some of the questions we are most commonly asked when we receive enquiries about penetration testing, so you may find the answer you need on this page.

However, if the answer you are looking for is not there, then do please feel free to contact us!

What is an Automated (Vulnerability) Scan?

An automated scan uses a vulnerability scanner (such as Acunetix, Netsparker, Nessus or Qualys) to identify common vulnerabilities in systems and web applications. At the end of each scan, a report is generated automatically that details the issues identified during the scan. This often includes a number of false positives and potential vulnerabilities, since the issues are not manually verified. The reports include generalised risk ratings that do not take into account the system design, the nature of the application and business logic.

What is a Penetration Test?

A penetration test is a largely manual process that involves multiple phases and is carried out by a security professional. Although it may include the use of automated software, especially in the preliminary phases of the test, a penetration test cannot be entirely automated. The process will be customised to meet client requirements and to take account of the systems under test. All identified vulnerabilities are verified to remove false positives and are exploited to demonstrate the real risks and impact of an attack. The resulting report includes a management summary, as well as detailed information on each vulnerability, its risk rating, and mitigation advice. Post-test discussions ensure the results and recommendations are fully understood.

Automated Scan versus Penetration Test, by area

Automated Scan:
  • Run automatically by computer software
  • Standardised and permits only minor customisation
  • Vulnerabilities are not exploited
  • Only looks at common vulnerabilities and a limited number of areas
  • Unable to understand business logic

Penetration Test:
  • Conducted by security professionals
  • Customised on a test-by-test basis to meet client requirements
  • Vulnerabilities exploited to reveal the full impact of each issue
  • Creative process benefiting from the tester's experience
  • Simulates the behaviour and thinking of a real-world attacker
  • Analyses the logic behind a system and recognises logic flaws

Analysis

Automated Scan:
  • Includes potential and unverified vulnerabilities
  • Includes false positives
  • Risks are generalised and do not take into account the system architecture

Penetration Test:
  • Professionally interpreted to remove false positives and understand the real risks associated with each vulnerability

Reporting

Automated Scan:
  • Automatically generated
  • Often unclear and may be 100+ pages

Penetration Test:
  • Written by security experts and tailored to client systems and applications
  • Clear and concise
  • Includes high-level summary of findings

PCI DSS

Automated Scan:
  • Satisfies PCI DSS 11.2

Penetration Test:
  • Satisfies PCI DSS 11.3
"Blind" versus "Informed" Testing

Blind Testing: If you would like us to test your firewall as if we were “real” hackers, then you should tell us nothing at all about your installation. This means we have to perform a good deal of undercover work, approaching the attack in the same way a criminal would, using social engineering and even physical break-ins.

Informed Testing: We sign a non-disclosure agreement with your organisation and you give us details of your firewall solution – the overall design, the IP addresses, and so on. We are then able to run a variety of tests against your firewall defences, using exploits appropriate to the devices and products actually in use. This gives a thorough and cost-effective result.

What Tools Do We Use?

Unless you specifically instruct us otherwise, we use a combination of professional, commercial tools and those used by the hacking community to conduct the tests. This ensures that we expose as many vulnerabilities as possible whilst also helping to identify possible false positives – as well as false negatives.

What is the testing process?

• We discuss your requirements in detail to ensure that tests are appropriate, accurate and cost-effective.
• Testing is carried out by one or more members of our professional testing team.
• Our reports include a management summary, vulnerabilities ranked by severity, recommendations for remediation, and detailed technical explanations. The layout and format can be tailored to meet your in-house requirements.
• Every test is carried out by a highly trained professional. Their results are subject to both technical review and quality assurance before being securely transmitted to you.
• You can discuss your test results with our testing team to ensure that the risks and recommendations are understood in the context of your business.
• Once you have addressed the reported vulnerabilities, we can check that your fixes have been successful or conduct a full re-test.

We pride ourselves on being with you every step of the way in securing your infrastructure from attack.
