As open-source advocates and champions, we believe we need to tangibly prove the efforts that go into keeping the systems we build and use safe.
A penetration test (also known as a pentest) examines the security of as many network components as feasible by using the same techniques used by professional attackers to gain illegal access and breach a company's system. As a result, a pentest replicates an attack to ensure that no hacker can get access to the system.
To reach high internal security standards, it's become vital to enlist the help of specialists to examine your security system and identify any potential flaws. We at Code Enigma want our clients to be happy with their services, so we decided to get a formal certificate to ensure that our system landscapes meet the highest security requirements.
The process and outcome
All pentesting is intense, but ours is meticulous. That applies not just to the process: the outcomes are also rigorously and routinely scrutinised.
We hired DOQEX to conduct security testing on a set of publicly available IP addresses that are part of our customer and internal infrastructure. A high-level vulnerability assessment was also performed on three of our clients' sites.
The goal of this test was to identify and evaluate infrastructure-level components and services in order to estimate the risk of exposure we and our clients face from a typical attack.
The testers' overall view of our environment throughout this engagement is that it is well-managed and secure, with a strong focus on best practices. As we make information security a part of our culture, there is a focus on continuous improvement, which means we're constantly evolving both practices and technology. Efforts such as moving to centralised authentication make things easier to maintain and also reduce the possible attack surface for authentication-based attacks.
DOQEX commented that with an estate the size of ours, discovering what they did (which was a modest amount) is a really wonderful thing. It's remarkable that we take security so seriously. It's obvious that this is an organisational issue and everyone takes accountability. Security isn't left to a single individual to patch. It's a team effort and it's part of our culture.