Penetration Testing - Executive Summary

Penetration Testing - Executive Summary

Purpose

RapidTeks understands the need to conduct regular testing of our infrastructure to ensure its stability and security. Penetration testing confirms that the controls put in place to protect the storage, processing and transmission of data are effective and are keeping pace with emerging vulnerabilities.

Testing

Independent security consultants are contracted to undertake testing with the primary objective of evaluating the resiliency of our systems and networks from various attacks launched from the internet. 
Automated and manual testing is conducted by skilled security professionals according to OWASP and NIST recommendations. During the testing period, the consultants analyze and test the attack surface of RapidTeks’ network perimeter by simulating the activities and tactics of a determined attacker. 

Results

All results are presented in a detailed and comprehensive security assessment. This report is not published or available for review. Any vulnerabilities are classified with an overall risk based on both the likelihood of the event occurring and the consequences should the vulnerability be exploited to its full extent.   
Results are reviewed immediately on receipt and any recommendations are implemented within the following time frames:
  1. Critical– resolved immediately 
  2. High – resolved as soon as possible 
  3. Medium - resolved when practical 
  4. Low – resolved when practical 
Any critical/high risk vulnerabilities identified will trigger a retest to validate the effectiveness of any recommendations implemented. Retesting will be undertaken repeatedly until confirmation is received these vulnerabilities are fixed. 

A copy of the latest test certificate is attached below for your review. If you have any further questions or concerns, please contact our office. 

    • Related Articles

    • Data Management - Executive Summary

      Data Management - Executive Summary TransVirtual data management is continually reviewed to ensure that the information we collect via TransVirtual is as accurate and high quality as possible. Subsequent storage must maintain robust security and ...
    • Agent Invoicing

      Invoice Reconciliation A few things to note before starting is the Excel file of your invoice will need have the columns Consignment number and either Base Total or Grand total at a minimum You can also add other fields like levies, taxes or ...
    • Uploading and Processing Paper POD Images

      Uploading and Processing Paper POD Images In the TransVirtual Web Portal, Select the following: Home > Image Processing > Upload/Process Images This will open a window that allows you to upload images and start processing them. Click to select or ...
    • ISO 27001:2013 ISMS Overview

      So you have heard about our ISO27001 certification, but you are not really sure what it means? The 30 second overview: Certification requires us to have a robust and wide ranging Information Security Management System (ISMS) in place to: ...
    • Service Levels

      Service Levels Service Levels play a crucial role in TransVirtual as they are used to determine what type of freight a consignment falls under and are therefore very important in pricing a consignment. A list of the Service Levels in your account can ...