Vulnerability scanning and penetration testing

The Simana team manages a multi-layered approach to vulnerability scanning, using a variety of industry-recognized tools to ensure comprehensive coverage of our technology stack. The goal of these programs is to iteratively identify flaws that present security risk and rapidly address any issues.

 

Continuous testing & monitoring

Simana utilises industry-leading tools to run continuous network accessibility tests. These tests assess applications for exposure, vulnerabilities and deviations from best practices. This testing allows for:

  • Security checks to be automated and integrated into deployment and production processes
  • Early identification of any potential vulnerabilities
  • Access to and checks against the latest security best practices, compliance standards and vulnerabilities

Testing is continuous and evaluated weekly.

 

Independent penetration testing

Seedata engages an industry-recognized and accredited penetration test provider to deliver independent penetration tests at a regular frequency (see Section 5). Engaging a third party allows for:

  • Increased scope of tests
  • Use of the latest industry best practice, applied by certified experts
  • A “fresh-eyes” approach to testing

Seedata’s penetration test provider has the highest levels of cyber security certification, including CISSP and CEH. The provider is an ISO 27001 Specialist.

 

Reviewing and processing of results

Our goal is always to expedite the resolution of any identified vulnerabilities and implement sustainable controls to ensure they do not occur in the future.

Results of our continuous testing and monitoring are flagged as scanned and formally reviewed on a weekly basis. In the instance of third-party testing, Seedata works with the contracted parties to identify and plan any remediation that may be required.

The details contained within penetration tests can be highly sensitive. Therefore, it is not permitted to share results, or summaries of results, externally. This limits the risk of any identified vulnerabilities being exploited, thereby ensuring the security of all of our customers’ data.