Penetration Tests of Products
Penetration tests can be applied to evaluate the security of IT products. A test conducted by external security experts points out weaknesses that are easily overlooked during the development process. A pentest before a product's final release may also avoid possible follow-up costs. Additionally, the results of a product pentest can be used for advertising, allowing for a competitive advantage.
Placing trust in RedTeam Pentesting was definitely worth it. The penetration test was conducted on a very high technical level and vulnerabilities were exposed that other penetration testers did not notice. All in all, the project was a great piece of work: complex technical details were explained in a clear and coherent way, and the awareness for security and vulnerabilities raised. Regular penetration tests will now certainly be conducted in our company.
An IT product where security is relevant can be any combination of hard- and software. One can distinguish between a specification and an implementation test of a product. For example, for a software that is used to provide encrypted communication between a bank and its customers, not only the specification should be tested. Examining the implementation in the way it is used in a productive environment is equally necessary.
Especially for Internet applications, product security tests are recommended. Access is often possible from the Internet and security holes usually have severe consequences. A newly developed web application can for example become an attacker's gateway to your internal systems or data. This does not only harm the application's users, but also your and your product's reputation.
Increasing Demand for Security
A growing field for IT security is the area of embedded devices. These devices are for example used in car or airplane control systems, for wireless communications or online banking transaction security. Due to the increasing complexity of these devices, the number of attack vectors grows, too. A product security test anticipates what attackers might do and helps in closing possible security holes.