SORCE Ltd

Perspective Risk provides ‘plain English’ penetration testing for SORCE Ltd 

SORCE regularly conducts in-house penetration tests to ensure the security of its extranet log-in pages. In November, a client requested that the team also undertake an independent penetration test by a CREST-certified team of experts as part of a due diligence exercise.  

After talking to three potential vendors, the team decided Perspective Risk offered the best value for money. ”Alex was very attentive during the sales process”, explained Managing Director, John Nicklin. ”He understood exactly what we needed, talked in plain English and put together a proposal extremely quickly. We valued Perspective Risk’s responsiveness because our client wanted a very quick turnaround – we’re talking within a week.” 

A highly consultative approach  

Perspective Risk assigned an experienced and fully accredited consultant to undertake a single application penetration test. ” 

Our client had a couple of very specific requests”, said John. ”The guys at Perspective Risk had a can-do attitude and were flexible enough to accommodate them without any quibble.” 

The penetration test was completed in two parts. First, the consultant attempted to break into the extranet using a number of sophisticated techniques used by hackers. Secondly, the consultant was given login credentials to test the software’s resilience to misuse. For example, by testing whether users could escalate their system privileges. ” 

With something like an intranet that’s used by thousands of staff, it’s important to test what’s behind the log-in, as well as the actual log-in itself”, says Pravesh Kara, Senior Consultant at Perspective Risk. ”It’s becoming more common now for cyber criminals to target company staff in order to obtain passwords, which are then used to gain entry into the corporation’s web applications. That’s why it was important that SORCE had a thorough understanding of what would happen if hackers found their way into an instance of their intranet software, and how to minimize associated risk.” 

Immediately actionable reporting  

“I found Perspective Risk to be highly solutions-focused, pointing out areas where we could further enhance our security”, said John. ”The consultant had taken the time to interpret the findings based on a real understanding of what we were asking of them. He used a report format that allowed us to quickly make sense of what we needed to focus on.” 

Supporting ongoing promotion 

The work that Perspective Risk undertook helped SORCE to sail through their client’s due diligence check. It also had a wider effect on the business: ”The report gave us something else to talk about with new and existing clients”, said John. ”As a result, new clients who would normally do their own Pen Tests on our software are usually satisfied with the findings of our report. It means we save them time and hassle – and that message can be a deal-clincher.” 

The Client 

SORCE Ltd provides intranet solutions for organisations in all sectors, with customers including EDF Energy, the NHS, Bibby Distribution, ATS Euromaster and ATOC. 

Competing with big players such as Microsoft SharePoint, SORCE differentiates by customizing its product to meet the business objectives of its clients. SORCE’s intranet software is usually hidden within the client’s network. 

As these extranet logins are externally facing, the team at SORCE are proactive in maintaining the highest levels of online security. 

How Perspective Risk add value  

  • Penetration tests were customized to meet the specific needs of one of SORCE’s prospective clients 
  • The tests were conducted by CREST and CHECK certified consultants. This enabled SORCE to promote a commitment to security more widely in its promotions 
  • Plain English reporting helped SORCE’s Development Team and non-technical directors quickly understand any vulnerable aspects of the software and how to take suitable action 
  • A highly responsive service allowed SORCE to meet challenging deadlines imposed by its client 

Quotes 

“Best value-for-money penetration testing on the market.” 

“We will definitely use Perspective Risk again and we have already recommended them to a number of our clients.” John Nicklin, Managing Director, SORCE Ltd