Third-party OWASP penetration testing is used to assess an organisation’s security systems and reveal security vulnerabilities so that they can be fixed before any damage occurs. Touch regularly conducts pen testing using a certified third-party specialist to assure the security of our customers’ data and to support their compliance obligations. It means you can trust us to protect your valuable data. The most recent pen test identified ZERO threats to be corrected.
Third-party penetration testing (also known as a ‘pen test’) is not an overly familiar term to many organisations. However, as the number of security breaches and cyberattacks grows inexorably, the demand for pen tests is growing rapidly. So, what is a pen test, and what benefits does it provide?
Penetration testing (‘pen testing’) is a security exercise that employs a specialist provider (using ‘ethical hackers’) to probe and assess an organisation’s security vulnerabilities using a defined and open process. The aim of the test is to reveal security vulnerabilities in networks, applications, physical facilities and even individuals so that any weaknesses can be fixed.
In turn, of course, this has implications for compliance, particularly around the secure storage of personal data. The thinking behind pen testing is simple: “If an ethical hacker can break into your systems, then so too can a real hacker”. Of course, the difference is that the ethical hacker is working for your organisation with the aim of helping to strengthen security.
A pen test is a risk assessment of security processes and systems offering multiple benefits, such as:
That’s why Touch invests significantly in performing regular OWASP-based third-party penetration testing by an external specialist. Ensuring that our systems and data are as secure as they can be means that our customers can rest assured that Touch is keeping their data secure and safe.
Open Web Application Security Project (OWASP) penetration testing is designed to identify, safely exploit, and help to address security vulnerabilities in an organisation. Any weaknesses found can then be rectified before they can be exploited.
Initially, it assesses the security of applications to identify the vulnerabilities outlined in the OWASP Top Ten [see below]. This list is then used as a starting point for supporting web application developers and DevOps teams, and for helping organisations to become security aware.
OWASP is a non-profit organisation founded in 2003. Its mission is to improve software security by providing open-source tools, techniques, and mindsets to increase application security in software projects. It also provides free educational content on security testing.
The OWASP Top Ten provides a standards-aware risk assessment of the most common security threats and vulnerabilities found each year, and as such provides a starting point for building a broader security strategy.
The current OWASP Top Ten (the most common security risks in 2021) is:
The benefits of OWASP pen testing are multi-fold. As well as identifying and addressing vulnerabilities and reducing the risk of data breaches and disruption to services, it can also provide better assurance for standards and compliance regulations such as PCI DSS, ISO 27001, the General Data Protection Regulation (GDPR) and the NIS Directive.
At the same time, it provides a platform for improving software development and quality assurance practices by providing organisations with insight into security threats and risks, while supporting better-informed future security decisions.
Touch conducts OWASP pen testing at least once a year – the recommended frequency – and sometimes more often when major software releases or updates are made. Tests are conducted by a third-party specialist provider that conforms to the highest legal, ethical and technical standards, and follows best practices.
Validating our security programme and demonstrating our security in this way, including through audits and open and transparent processes, benefits all our customers by providing peace of mind that Touch is not only ensuring the security of their data, but also helping them to meet their compliance obligations.
Get in touch to find out more about how we ensure the security and integrity of your data.