Recurring penetration testing

Security is a journey, not a destination. The threat is evolving rapidly, and only recurring penetration testing allows an organization to continuously evaluate the security status of its information system (IS). Recurring penetration testing is even more important today because of the reach of attacks: exploiting flaws is no longer reserved for experts in the field. Even people who lack technical expertise and have few resources, but a deliberate desire to cause damage, can harm the organization's IS.

Aware of what is at stake, DATAPROTECT is now offering its customers the possibility to carry out recurring internal and external penetration testing through specific framework agreements.

The perimeter of the framework agreement

To better grasp the perimeter, DATAPROTECT offers different types of tests, taking into account the customer's needs, expectations and constraints.

- External Perimeter
  • Frequency (Monthly / Quarterly / Biannually / Annually)
  • Black box / Gray box / White box
- Internal Perimeter
  • Frequency (Monthly / Quarterly / Biannually / Annually)
  • Definition of the perimeter to be audited
  • Black box / Gray box / White box
- Application Audit
  • Security acceptance (prior to any commissioning)
  • Code review
  • Sealing audit

Our assets

Our recurring penetration testing missions are designed as a value-added offering through:

- Missions carried out by expert consultants:
  • Trained and certified consultants: CEH, OSCP, CISSP, CISA, PCI QSA, PA QSA, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer
  • Qualified consultants: demonstrated experience in similar projects
  • Due regard for confidentiality: a communication protocol is established to strengthen the protection and communication of the audit findings
- An outstanding experience in information system security:
  • Capitalizing on a dozen security audit framework agreements
  • Industrializing the approach of recurring penetration testing
  • An ongoing monitoring of IS security
  • More than 100 IS security audit missions
  • Expertise and specific tools for penetration testing
- Set up of an Ethical Hacking Lab:
  • The standard is largely redundant and requires a specific reading
  • The 27001 approach is not a guarantee of suitable quality but rather of continuous improvement
  • The 27001 approach contributes to regulatory requirements (e.g. PCI-DSS) subject to adjustments of the approach
- Set up of a “Security Operations Center”
- A globally recognized accreditation as a PCI QSA and PA QSA
- A security audit methodology based on internationally recognized references

Our references

DATAPROTECT has carried out many recurring penetration testing missions through framework agreements with renowned organizations in Morocco and in the region. We can namely cite: