Conducting a comprehensive security assessment to eliminate the distraction of security concerns

Data that can be damaging to a company isn’t always hidden behind web applications’ security controls. Sometimes information contained in documents that are publically available online can pose a similar risk. So when our client, a company specialising in investments and corporate credits, wanted to assess the overall security of its external infrastructure, it asked ​7Safe to address both issues.

We began by examining vast amounts of publically available information for traces of data that could pose a threat to the company. Next, we turned our attention to the client’s website, where we probed for vulnerabilities that attackers could exploit. To make our assessment as realistic as possible, we used a ‘black box’ approach. This means we didn’t receive any information about the client’s systems before we began our penetration testing. We came to the task from the same position as any potential attacker would.

Our assessment and subsequent report confirmed that the client’s infrastructure was secured to a good standard and that the company’s exposure through publically available information was minimal and in line with typical business marketing activity. Our report also identified a number of straightforward remedial actions the client could take to address some low-risk issues we had found and strengthen security further.

Our work provided the client with a high degree of confidence in the standard of its security arrangements and enabled it to focus on pursuing its business goals without the distraction of security concerns.