Pentest with Tier Zero Security

21 January 2024
Claudio Contin

Penetration testing

At Tier Zero, we specialise in providing cutting-edge Cyber Security Services to enhance your digital defences. One of our areas of expertise is penetration testing, a proactive approach to identifying and mitigating vulnerabilities before cyber threats can exploit them.

The diagram below illustrates the four phases typically involved in a penetration test engagement:

Phase 1: Scoping

  • Schedule a scoping meeting: CONTACT
  • Provide details about the scope of testing
  • Receive the Statement of Work (SoW)
  • Review and sign the SoW agreement
  • Agree on timelines

Phase 2: Pre-engagement

  • Confirm scheduling and timelines
  • Provide necessary test requirements such as credentials, URLs, etc.
  • Establish communication channels using platforms like Teams, Signal, Slack, etc.

Phase 3: Testing & Reporting

  • Tier Zero Security commences testing activities
  • Maintain regular communication throughout the testing phase
  • Draft and peer-review the test report
  • Release of the finalised report

Phase 4: Post-engagement

  • Attend a post-engagement session for review and discussion
  • Provide feedback on the engagement
  • Request re-testing as required

A full list of penetration testing services we offer can be found here.

Scoping

Gaining a full understanding of your solution is crucial. Tier Zero Security requires specific information to craft a detailed quote, including:

  • Solution architecture: Guide us through your solution to deepen our understanding. Specifically for web or mobile applications, key aspects include the number of features, supported user roles, integrations with third-party APIs, and more. If feasible, providing a solution document or a demo would be invaluable.
  • End users: Tell us about the intended users of the solution to tailor our services effectively.
  • Timeframes: Provide us with your desired timeline for completion to help us plan resources accordingly.
  • Budget constraints: Tell us about any budgetary constraints or limitations to ensure our proposal aligns with your financial expectations.
  • Any other details: Please share any additional information that we need to know.

Typically, these details are addressed within an initial 30-minute meeting.

Following the meeting, Tier Zero Security will provide you with a Statement of Work (SoW), which will include the scope of the review, the approach, the requirements and the cost.

Finally, Tier Zero Security will work with you to schedule the review and notify you of the expected start and end dates of the testing.

Pre-engagement

Before testing commences, Tier Zero Security will contact you to confirm readiness and ensure that all necessary access and test credentials, if applicable, are in place.

Additionally, we will establish a communication channel to promptly address any queries during testing or report critical issues.

Testing and Reporting

Tier Zero Security will conduct testing within the agreed-upon time frames and scope, ensuring the drafting of a detailed report. If any issues arise that require immediate attention, we will promptly communicate the details to you.

Prior to the final release of the report, it undergoes thorough review by Tier Zero Security's consultants. The finalised report will be ready within 5 working days post-testing completion. If required, we can provide a draft version beforehand.

The penetration test report will comprehensively document identified vulnerabilities, providing detailed descriptions alongside reproducible steps. Each vulnerability will be categorised by severity to prioritise remediation efforts effectively. Additionally, the report will offer specific recommendations for resolving each issue, ensuring actionable insights for your team.

Furthermore, an executive summary will be provided, offering a high-level overview of the security status of the solution. This summary will condense key findings and recommendations into a concise format, allowing executives to grasp the security posture at a glance.

Post-engagement

Following the testing phase, Tier Zero Security offers a post-testing session for any inquiries pertaining to identified issues or recommended remedial actions.

Furthermore, we extend the option for retesting identified issues post-remediation, billed hourly and contingent upon the scope of issues for reevaluation.

For a full list of Tier Zero Security services visit: Tier Zero Security services.

Author

Claudio Contin - Principal Consultant
