A risk-based approach
Sopra Steria follows a Risk-Based Approach that reveals business risks and not just technical vulnerabilities.
Our security experts understand the business process and deliver valuable results based on real scenarios.
Different risk rating methodologies (CVSS, OWASP) are used based on company-specific factors.
The different penetration test scenarios
- Internal testing: to simulate the damage a disgruntled employee could do on your systems.
- External testing: to simulate an outside hacker attacking your public-facing infrastructure.
- White box testing: the tester has been provided with some information regarding the target network before starting work.
- Black box / blind testing: the tester has been provided with very limited data or none before the test procedure takes place.
- Double blind testing: the company's blue team is unaware of the attack and its response capabilities are tested.
Methodologies
- OWASP (Testing Guide, Risk Rating, Top 10, ASVS)
- CVSS
- CWE/SANS TOP 25 Most Dangerous Software Errors
- Open Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
Penetration Testing
Sopra Steria takes the time to understand your business needs and think like a real attacker. This allows us to gain a holistic business overview, as well as a technical point of view.
We will first identify the weakest link that may cause a severe impact to the organization, and then escalate to gain privileged access to information or systems.
Our services are based on a hybrid approach composed of automated and manual tests.
Tests will be conducted in a controlled and safe manner. For successfully exploited vulnerabilities, our penetration testing experts will attempt further actions to increase their presence and gain elevated privileges.