by Dom Bowker
Every day we seem to hear of a new cyber-attack or data breach, and regular malicious attacks on company systems prove that, as an organization, you can never be complacent. While traditional firewalls and security controls are an important layer of any IT security policy, they can’t defend or warn against many of the other specific threats that target web applications.
We take security very seriously at DWS. We are certified to the ISO27001 standard, and the security of our customer data is a top priority for us. To make sure that our systems are secure, we undertook a penetration test, a process known as ‘ethical hacking’, to find out how we would fare.
To do this we engaged the services of a highly respected third-party security provider to carry out penetration testing of our software and systems for our web application and API. This consisted of an attempt to breach our systems using tools and techniques commonly used in malicious attacks against our existing security defences.
Using a CREST-approved penetration testing company gave us peace of mind that the tests would be carried out by certified experts. Each penetration test addressed business risks and the impact on the confidentiality, integrity, and availability of data. It gave DWS management and the technical teams a good indication of how best to prioritise, plan, budget for and remediate any risks in a structured manner.
The summary of findings concluded that, overall, the initial risk posed to DWS assets was ‘Medium’, but after retesting the current risk is ‘Low’. Furthermore, no critical issues were discovered, and the overall security was deemed ‘Good’.