“Corporations don’t do pentesting, people do”, our consultants have strong industry experience and expert technical ability. We couple this experience with a thorough methodical approach to provide clients with meaningful vulnerability identification.
Our flexible approach helps you gain an understanding of the issues in real time and mitigate critical findings swiftly. Daily debrief sessions to discuss findings and agree testing plans for the next day enable us to guide and amend complex engagements to deliver focused results that are great value to your business.
Whilst every pentest varies due to the scope and nature of the systems involved, penetration testing will follow our custom developed methodologies and checklists which have been designed to exceed recognised industry standards such as NIST, OSSTMM, OWASP and PTES.
We work in line with all industry good practice to deliver consistent results; ISO27001, The Cyber Scheme, OWASP, MITRE ATT&CK
Whilst using a checklist provides comprehensive coverage, we are conscious that penetration testing is an iterative process. Therefore the consultant’s experience and intuition is vital in identifying more complex vulnerabilities. This is where RM Information Security’s human approach to technology is most evident.
How we work
Requirements Gathering
- Scoping discussion
- Proposal document
- Technical walk through
Initiating the project
- Project initiation
- Authorisation to test
- Confirming access credentials
Test phase
- Testing methodology
- Test data security
- Issues and findings notification
Reporting
- Report production
- CVSS risk rating
- Audit / client facing reports
Aftercare
- Data destruction
- Consultation / debrief sessions
- Retesting / fix testing