Security testing/Penetration testing

A Penetration Test is the practice of conducting a pre-approved, real-world attack against a computer system, network, hardware, web application or similar target in order to identify its security weaknesses (also referred to as vulnerabilities) and determine the risk they pose. This is done so that the weaknesses can be mitigated before they are discovered and exploited by others.

A Penetration Test can be based on different standards and methodologies, such as OSSTMM, OWASP, PTES, TIBER (EU/SE/DK, etc.) and NIST SP 800-115. These standards provide a framework for the phases of a Penetration Test and for the procedures and controls to be tested.

Why Conduct a Penetration Test?

A Penetration Test can be of great value for an organisation as it:

  • Ensures that the security weaknesses of the organisation are uncovered and fixed before real attackers find them.
  • Assesses the magnitude of the potential business and operational impact of successful attacks.
  • Provides evidence to support investment decisions in security personnel and technology for C-level management and investors.
  • Verifies that the organisation’s security defences work effectively and prevent cyber security incidents.
  • Provides education and learning for both C-level management and technical personnel.
  • Helps the organisation meet compliance requirements under GDPR, PCI DSS, ISO 27001/2, CIS CSC 7 and other security standards or methodologies.

Security Standards and Compliance

Security and Penetration Tests are most often used as a means to uncover technical weaknesses, but they can also be used to validate compliance with various security standards and requirements. Examples are:

  • Compliance audits and configuration checks.
  • Compliance with the company’s internal security policies.
  • The security awareness of the employees.
  • The company’s ability to detect and handle security incidents.

Examples of regulatory requirements, security standards and frameworks that can be used as a basis for compliance checks are GDPR, PCI DSS, ISO 27001/2 and CIS CSC 7.

What and how?

While Combitech test teams can perform penetration tests of virtually anything, the main groups of tests that Combitech conducts are:

  • [Web/Mobile] Application Tests
  • Perimeter Tests
  • System Tests
  • Network Tests
  • IoT Tests
  • OT Tests
  • Scenario Based Testing
  • Red Team Exercise
  • Verification Tests

A safe society through safe organisations

We build safe societies through organisations, on their own premises. This means that all Penetration Testing findings should support the business strategy and business purpose, not become a limitation. Our approach can be scaled both horizontally and vertically to ensure that the organisation is secured within the financial and resource limitations given by its specific situation and place in the market.

Our approach can be used by small, medium and large organisations alike, and our offering ranges from strategic and management services to technical products.
