Continuous Penetration Testing
The essence of Razorthorn’s Next-Gen Continuous Pen Testing service, Razor’s Edge, is to help find vulnerabilities, verify them and perform base level exploitation to provide organisation-specific risk scores and mitigation advice to improve the overall security of an environment. We work to a schedule of scanning, testing and reporting defined by the client for the duration of the contract length.
This service combines automation and augmented intelligence to seamlessly orchestrate the optimal combination of smart vulnerability scanning on a bespoke basis and manual penetration testing tailored to your requirements.
Razor’s Edge incorporates continuous scanning and manual oversight to ensure new vulnerabilities are identified and highlighted immediately to provide you with the necessary assurance that your infrastructure has suitable security measures in place to help protect against the latest threats. All testing is conducted in line with current industry best practice.
To arrange a demo or find out more, book a call with us today.
Benefits of Continuous Penetration Testing
Highlight vulnerabilities early before they become unmanageable
Quantifies the value of your existing security investment
Confirms compliance with regulations or security certifications
Automated testing results save time
Identify weaknesses and enable effective risk management
Facilitates business continuity
Guards the reputation of your brand
Protects against financial damage
The Razorthorn Approach
We will identify security issues by using the following steps:
1. Onboarding
- Baseline scan of all new domains
- Baseline report submitted to client
- Automated scanning configured
- Scan starts on contracted routine interval
2. Scan collation
- Every scan report is manually verified
- New (high/critical) vulnerabilities explored/exploited
- False-positives verified/removed
- Vulnerabilities further analysed
3. Vulnerability analysis
- Research
- National Vulnerability Database (NVD)
- Common Vulnerabilities Database (CVE)
- Revised risk/vulnerability score
4. Exploitation
- Metasploit
- Hashcat
- Burpsuite and more…
5. Technical report
You will be provided with extensive reports based on level of service required; Scan reports will highlight vulnerabilities found during scanning with background information and are provided at regular intervals. Technical reports are produced to a specified interval, highlighting strengths and weaknesses and give advice on how to improve the vulnerabilities uncovered. The Technical Report also enables technical staff to become more familiar with the attack scenarios that hackers would use for attacking their environment, in order to prevent them in future.
Technical reports include:
- Detailed description of vulnerabilities and weaknesses
- Detailed description of positive security aspects
- Remediation advice where possible
Continuous Penetration Testing Enquiry
Our security experts provide you with an ongoing, hassle-free way to identify any security weaknesses and threats to your network and data. Get in touch to arrange an initial discussion.