Purpose
RapidTeks understands the need to conduct regular testing of our infrastructure to ensure its stability and security. Penetration testing confirms that the controls put in place to protect the storage, processing and transmission of data are effective and are keeping pace with emerging vulnerabilities.
Testing
Independent security consultants are contracted to undertake testing with the primary objective of evaluating the resiliency of our systems and networks from various attacks launched from the internet.
Automated and manual testing is conducted by skilled security professionals according to OWASP and NIST recommendations. During the testing period, the consultants analyze and test the attack surface of RapidTeks’ network perimeter by simulating the activities and tactics of a determined attacker.
Results
All results are presented in a detailed and comprehensive security assessment. This report is not published or available for review. Any vulnerabilities are classified with an overall risk based on both the likelihood of the event occurring and the consequences should the vulnerability be exploited to its full extent.
Results are reviewed immediately on receipt and any recommendations are implemented within the following time frames:
- Critical– resolved immediately
- High – resolved as soon as possible
- Medium - resolved when practical
- Low – resolved when practical
Any critical/high risk vulnerabilities identified will trigger a retest to validate the effectiveness of any recommendations implemented. Retesting will be undertaken repeatedly until confirmation is received these vulnerabilities are fixed.
A copy of the latest test certificate is attached below for your review. If you have any further questions or concerns, please contact our office.