Security Testing

Security testing is the art of utilizing offensive testing techniques to verify the effectiveness of existing security controls and verifying the full impact of any identified vulnerabilities should they be exploited by a malicious attacker.

Different offensive testing techniques can be used depending on your organization’s security objectives. These techniques range in scope and coverage from initial vulnerability assessments, which have a bigger focus on breadth of coverage, to penetration testing which are a more in-depth examination of specific assets (such as web applications, networks or mobile applications). Penetration testing then leads onto and forms part of larger, more complex and in-depth attack simulations which span multiple domains of information security (people, process and technology) to identify vulnerabilities across the organization.

The BSI Security Testing Maturity Framework (outlined below) can be used to help identify the most effective security testing level for your organization. The framework marries the security maturity of an organization with its appetite for risk to identify the optimal level of testing and provide the best return-on-investment.

We can provide many of these services through our security testing practice, including:

Foundation

Vulnerability Assessments:

utilizing tools and techniques which are designed to identify and classify vulnerabilities before applying consultant knowledge to verify identified vulnerabilities and apply context for prioritization

Focused

Penetration Testing:

using manual testing techniques along with some automated processes and tools to assess the security posture and identify any security vulnerabilities which may be present in specific assets, for example, networks, web applications, mobile applications and internet of things devices

Resilient

Attack Simulation Assessments:

Red Team testing (offensive assessments), attacking the whole organization across multiple domains (people, process and technology)
Blue Team testing (defensive assessments), coaching and assessing response team activities versus best practice or organizational key performance indicators (KPIs)
Purple Team testing (offensive and defensive), with one team performing offensive attacks whilst assessing, and in some cases coaching, the defensive teams' ability to respond to the attacks

Which testing is right for you?

Vulnerability Assessment - Foundation Level

The foundation maturity level is designed to establish your security capability. It is the first step on the journey and creates the initial technical baseline from which to build on your security program.

Learn more >

Penetration Testing - Focused Level

This maturity level is designed for organizations with a growing security capability and is looking to identify and achieve security improvements. This should also align with the organization’s risk appetite

Learn more >

Attack Simulation -
Resilient Level

This maturity level is designed for organizations with a fully grown, established security function who are looking for holistic assurances across their business with regards to their security posture.

Learn more >

Asia Pacific

Europe

Americas

Middle East and Africa

Can't find a country or region?

Popular

Access and buy standards

About standards

Standards and information

Auditing, certification and training

Consulting practices

Industry reports, research and news

Security Testing