Penetration Testing

Experienced consultants in penetration testing identify weakness in your security environment
- all on the autism spectrum and ready to work on your next project.
A cybersecurity analyst works at his computer

Make informed decisions about your security risks

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or application to find security vulnerabilities that an attacker could exploit. At auticon, our primary objective is to identify weaknesses and vulnerabilities in your organisation’s security environment. Our thorough testing includes measuring the effectiveness and reach of the overarching security policy, staff security awareness and organisational response to security incidents.

Black Box

No inside knowledge of code, processes or tools required

Dual perspectives

We test from both internal (malicious user) and / or external (general exposure) origins

Targeted Approach

Client team fully aware, no surprises, minimum disruption, quick feedback

auticon’s standard penetration testing approach addresses most commonly found security challenges and client requirements. We deliver fast results as well as secure and sustainable mitigation strategies.

auticon’s approach is aligned to the Open Web Application Security Project (OWASP)

  • The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software.
  • Their mission is to make application security “visible”, so that people and organisations can make informed decisions about application security risks.
  • Everyone is free to participate in OWASP and all materials are available under a free and open software license.
  • The OWASP Foundation is a not-for-profit charitable organization that ensures the ongoing availability and support for their work.

Web Security Testing Guide (WSTG)

  • The Web Security Testing Guide (WSTG) project is the primary security testing methodology for web application developers and information security professionals.
  • WSTG is a comprehensive guide to testing the security of web applications and web services, developed as a collaborative effort by cybersecurity professionals and volunteers, providing a set of best practices used by pen-testers around the world.
  • auticon is proud to participate in the evolution of these projects, and extend them to leverage our unique capabilities to the benefit of our clients.

“Bondle is a successful growth company, providing a smart and innovative collaboration solution to manage key interactions with important relationships. The suite of features include network interactions, document storage, task management as well as the ability to sign documents digitally. The success of the business relies heavily on a secure application with adequate security protocols.

To ensure such a secure environment, auticon and its team of highly qualified consultants conducted an important security assessment.

We were very pleased and impressed by auticon’s work ethic, attention to detail and professional approach, which gave us the confidence that our protocols, products, and processes are secure and exceed industry standards.”

– Sandeep Rao, Founder, Founders Wellbeing

 

Key strategies for Penetration Testing

White / Black box:

In white box testing, attackers have full knowledge of the systems architecture, source code, infrastructure and deployment details, simulating an insider, or advanced persistent threat. In black box (also known as “blind”) testing, the attackers know no details of the targeted systems and are thus limited to what an outside attacker would know.

External vs Internal Focus:

External testing focuses on company assets, visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.

Internal testing simulates an attack by a malicious insider and focuses on an application behind its firewall. This is not necessarily a rogue employee, but much more commonly could be an employee whose credentials were stolen due to a phishing attack.

Lights on / off:

In “lights on” or “targeted” test IT staff are fully aware of the test and can anticipate and observe an attack in real time. In ”lights out” approach, IT resources are unaware of an attack, which offers unique insight into the clients attack detection capabilities.

Assessment

In the assessment stage, auticon consultants bring together everything they have learnt about the client’s business and systems, and their vulnerabilities, in order to:

  • Classify vulnerabilities according to likelihood and specific business impact, reviewing their severity and mitigation priority
  • Study how combining or chaining these vulnerabilities might more seriously compromise  the systems and business functions they support
  • Examine the nature and patterns of vulnerabilities in order to elicit common themes to address through evolutions of practice and tooling

Summary Report

  • At the completion of the engagement, a comprehensive Findings Report will be produced including:
    • Evidence of tests conducted,
    • list all vulnerabilities and
    • results discovered and
    • recommendations on how to mitigate or eliminate identified vulnerabilities. 
  • The Findings Report will be presented in a walkthrough format to discuss the findings and provide our client the opportunity to ask further questions or raise any feedback  

HOW IT WORKS

Autistic Talent

Our teams have extraordinary cognitive abilities that provide exceptional value in the tech space. Logic, speed, precision, sustained concentration, and an ability to intuitively spot errors provide a uniquely autistic perspective on your tech projects.

Targeted Fulfillment

We closely matching each consultant to your job requirements, office culture, and the neurodiversity goals of your organization. Our autistic consultants arrive at work at your local office, providing expertise in high-demand skills such as business analytics, Salesforce Administration, software development, cybersecurity, quality assurance, and more. Like any team member, they become integrated into your teams and function as employees.

Ensured Success

Our job coaches play a central role in your success, acting as a liaison between you and the autistic consultant, working hand-in-hand to communicate timelines, manage expectations, resolve needs, and ensure the ultimate success of your program.

The auticon advantage

Autistic adults often have extraordinary cognitive abilities, such as logic, pattern recognition, precision, sustained concentration, and an ability to intuitively spot errors, yet many find it difficult to secure or maintain mainstream employment. While autistic strengths are highly individualized, academic research shows advantages emerge:

  • Autistic employees show greater analytical & systemizing skills
  • Innovative & creative intelligence
  • Higher standards & productivity
  • Honesty
Illustration of a job coach at her desk

Job coaches ensure success

auticon’s consultants and clients are supported by our job coaches who ensure that the consultants’ work environments enable them to deliver to their full professional potential. Our  job coaches promote inclusion and wellbeing and are integral to making sure our consultants feel supported in their assignments. Most importantly they provide clients with support and information regarding autism in the workplace and can convey feedback between the client and the consultant.

Our Job Coaches typically have a background in clinical psychology, performance coaching, managing anxiety disorders, special education, and vocational rehabilitation.

A closer look at how we work

Allianz logo

Allianz Case Study

Allianz SE is the holding company of the Allianz group. It is one of the world‘s leading insurance and financial services providers active in the insurance industry, pensions and asset […]
MSD Logo

MSD (Merck & Co.) Case Study

MSD, one of the top 5 global Healthcare companies, implemented a new CRM system. A key module, the Event Management System, needed immediate support to reduce the existing backlog of […]

Autism is not a processing error,
it's a different operating system.

Want to know how we can transform your business through neurodiversity?
Skip to content