Assessing security and testing is an essential feedback component of the continuous improvement cycle - canonized by several risk management frameworks. At RiPPUL, we look at Vulnerability Testing as an important component of a well managed risk management program. Typically, testing is used to measure effectiveness of a matured and refined program. It can also be an opener, or a way to present an argument for attention to a particular defined deficit of risk.
The technical details and scope for automated or manual scans depends largely on the assessment's goals. Typical questions we answer and ask are:
- What is the true security posture of an environment?
- How many vulnerabilities exist?
- What is the honest evaluation in context of a business priorities
- Is there a need for testing reactions under certain circumstances?
- What are the ramifications, both technical and ethical, of performing our tests. Can this best serve our client?
RiPPUL offers personnel testing, physical testing, and system/network testing.