AppCheck in the hands of a pen tester

What AppCheck can do in the hands of a pen tester

Dean Moulden, Senior Penetration Tester at Security Risk Management (SRM), explains how AppCheck helps him and the rest of SRM’s penetration testing team to offer clients a fast, accurate and reliable service.

 

I often see articles published about vulnerability scanning tools vs manual penetration testing with the pros and cons of each approach weighed against each other as rival solutions. But at SRM we’ve been successfully incorporating the two for several years, combining the individual strengths of both approaches in order to deliver a stronger overall service to our clients as part of a holistic and integrated Managed Security Service.

While there is significant value in manually simulating the kind of attacks that we would expect to be attempted by a hacker, every project I undertake today begins with an automated scan. Without the use of AppCheck I would have to manually investigate each and every potential issue, running thousands of tests – which would, of course, take a great deal of time.

Not only is this a laborious task and incredibly inefficient; it would also make it highly unlikely that we would win business from a new client because such extensive testing would add huge costs to their cybersecurity budget.

As a matter of course, I now set a vulnerability scan off at the start of every new test programme in order to identify the widest possible range of vulnerabilities, while my manual work is performed to identify some of the in-depth issues that can only be fully assessed and explored through penetration testing by an experienced human tester. Once the AppCheck scan is complete, I use the reporting tool to guide next steps and inform further efforts. The result is a quicker, more efficient test that is cost effective for our clients and expedites our reporting function so that remedial work can be performed promptly.

While there are a number of other automated vulnerability scanning tools on the market, what I value most about AppCheck is that it provides a greater depth of detail. Quite simply it flags up more issues, more accurately than other tools might. I also particularly like how straightforward it makes the scanning of an organisation’s internal information systems – those only available on the organisation’s network and hidden behind perimeter firewalls – thanks to AppCheck’s easily-deployed “internal scanning hubs”.

For SRM’s penetration testing team this means that we get an even better overall view in terms of the security of in-scope hosts. Again, this enables us to zone in on high priority issues and provide much better value for clients.

On any given project, using AppCheck helps us save anywhere between a few days and several weeks of work depending on the size of the project. It also helps us create reports that are in-depth and meaningful to the client. The clear, concise dashboard allows a client’s in-house teams to quickly highlight key risks and understand the appropriate remediation advice we provide.

As cyber risks grow and businesses look to move away from point-in-time testing towards continuous scanning and surveillance, AppCheck gives us the ability to deploy internal scanning hubs and schedule both internal and external scans, which can be constantly reviewed by our team. The benefits of this type of Managed Security Service are significant and, in our hands, can substantially improve a client’s risk posture.

Find out more about SRM’s penetration testing services and information security services by visiting www.srm-solutions.com.
