Security Assessment Perspectives

Effectively securing an organization’s information assets must at some stage entail active testing of the security measures deployed, in order to practically validate assumptions about the efficacy of these solutions.


Essentially, an organization needs to assess its security posture from 3 perspectives, briefly outlined below:

Application layer

Web applications that expose business logic, both internally and externally, increasingly define an organization's footprint. This exposed and distilled business logic makes such applications a prime target for attack.

Such applications are either purchased off the shelf or custom developed. Application security is a major shortcoming across the board, and compromises of both custom and vendor-developed applications seem to escalate daily. Given the nature and strategic placement of these applications, it is critical for an organization to assess their security posture.

SensePost offers application assessments of both rich-client and browser-based applications.

Internet infrastructure

This perspective covers the resources and services an organization exposes to the public Internet.

Most, if not all, organizations today require some form of connectivity to external providers, business partners and the like, and consequently must expose certain resources publicly. This is even more apparent for organizations that conduct commerce over the Internet.

These services are reachable by anyone on the Internet and are therefore, by the very nature of the Internet, exposed. It is essential that these application environments be assessed regularly to ensure that their security posture is appropriate and in line with accepted practice.

Internal infrastructure

In our experience, we have found that most organizations perceive the attacker threat to originate from an external location, which is largely unknown to the organization.

This assumption leads many organizations to design their security around the perimeter. Little emphasis is given to the internal network, which is mostly left unsecured. At the same time, the composition of the organizational workforce is changing: more temporary or contract staff are employed. These 'untrusted' employees hold an elevated level of privilege on the network, which potentially makes them a threat to organizational security.

It is no longer acceptable to leave the internal network insecure. An organization needs to assess its internal network to identify vulnerabilities and threats that an employee could exploit, intentionally or unintentionally, resulting in a compromise.


Copyright © SensePost Pty Ltd