The following information sets out NT-ware’s process and methodology as a basic standard for any security and PEN testing organizations we engage to test our product. Any external testing organization must follow privacy, security and confidentiality agreements.
To maximize coverage and ensure that we detect all high-risk vulnerabilities, our testing process includes the following security controls:
Security assessment process
Security assessments follow key stages but, as project requirements and tests are unique to each project, the penetration testing process is invariably adjusted to fit the project’s needs.
Planning and analysis
Report development stage
Our risk rating is based on the OWASP risk rating methodology. The likelihood and impact of findings are categorized as LOW, MEDIUM or HIGH on a scale of 0 to 9. These metrics are then calculated to provide an overall severity rating.