As an ISO 27001 company, Enable takes the security of its software seriously. That’s why, every 18 months, we hire a third-party company, NCC Group, to carry out penetration testing, also referred to as “ethical hacking.”
The process of penetration testing is, on its surface, almost identical to actual hacking. Testers use the tools and techniques typically employed by malicious hackers in order to discover system vulnerabilities and highlight potential risks. In Enable’s case, the potential vulnerabilities of a web-based SaaS platform are the primary point of focus.
The concept of a third party intentionally carrying out hacking operations against our system may seem counterintuitive. In fact, the use of third-party hackers allows Enable to understand what techniques outside agents, who have little to no understanding of the system, might use. And it yields results: our most recent test revealed several potential security vulnerabilities. While these vulnerabilities were all deemed low-risk, our engineering team still used the knowledge of their existence to fortify and secure our system against future, similar attacks.
However, Enable is not solely reliant on external testing. Multiple internal security tests are carried out, too, particularly on newer features, which are subject to penetration testing as part of their development.
Overall, the use of penetration testing and other security checks allows us to identify the risk levels of security vulnerabilities and gives us greater confidence in the resilience of our software’s security against cyberattacks.