June 2007

'Deperimeterisation' - Increased demand for authenticated testing

ProCheckUp is continuing to see an increase in the requirement for and vulnerabilities discovered during authenticated security testing. Although ProCheckUp has been performing malicious user and session testing since 2000 (particularly within the financial sector), it is becoming increasingly common for clients from other vertical sectors to test their systems from this perspective.

A key reason for the growth in malicious user and session testing is the increasing number of externally facing systems, which can be shared by internal staff, business partners, clients and so on. Many large organisations are incorporating this strategy as part of an overall externalisation or 'deperimeterisation' programme.

Malicious user testing involves accessing a system using credentials, typically a username and password, to assess whether a user can subvert the application or gain access to information which is outside of their remit or permission levels.

Session testing assesses whether or not an attacker can traverse between user accounts or as an example, re-logon to a system once the legitimate user believes they have exited an application.

ProCheckUp has developed its artificial intelligence engine to facilitate malicious user and session testing and is frequently finding vulnerabilities that have not been located during conventional manual tests.

ProCheckUp’s subscription service has proved popular with organisations that have ad-hoc requirements and need to call off infrastructure and application level penetration tests upon demand. ProCheckUp’s subscription service allows malicious user and authenticated session tests to be requested at very short notice.

For further information please contact ProCheckUp on 020 7307 5001.