The bluedog pen test approach

• Security is about people, not technology
• Assessments should be business risk driven
• If nobody understands a report, you’ve failed…

There are so many providers out there that claim to provide the best possible penetration testing services. How do you know who you should pick?

First things first, you have to know the scope of testing. Penetration testing is a widely used term and can mean many different things: Is it a web application only? Does it include a source code review? Is infrastructure involved? A cloud application with Azure or AWS? Trying to get a complete overview of issues or is there a goal driven approach, where the assessment tries to actually break into an organisation and steal crown jewels? All these examples can fall under the term penetration testing.

One of the core missions of bluedog is to help you identify exactly what it is your client is asking for. We are here to help you, each step of the way. Using a unique approach to prepare, execute and deliver on promise is what makes bluedog unique. The entire process is closely governed and controlled by skilled professionals with dozens of years of experience in the field.

The bluedog professionals are trusted to train employees of major companies like Accenture and Petronas in fields of penetration testing, code review and forensics.

Testing web apps is done with tooling, is it?

No, it isn’t. We no longer live in the zero’s where applications were written in a straight request/response manner. We live in a mobile world now, where responsive, single page application with front and backends are flourishing. Tooling doesn’t work anymore on these types of applications. It’s all about business logic bypasses and authorisation or authentication flaws inside applications.