Effectively securing an organization's information assets must at some stage entail active testing of the security measures deployed, in order to practically validate assumptions about the efficacy of these solutions.

Such testing is mostly successful in enumerating oversights and flaws in security architectures precisely because it discounts the 'protective' mindset and bends the 'rules' envisaged by security professionals, by adopting an adversarial approach.

Ultimately, attackers don't think like security professionals; thus, in order to appropriately measure the risks posed by compromise attempts, empirical evidence of the impact of attacks targeting information assets must be analyzed from the perspective of a skilled and motivated attacker.

Security assessment services aim to provide insight into the impact of these risks by simulating targeted attacks against the organization.

An organization needs to assess its security posture from 3 perspectives:

• Application Layer.
• Internet Infrastructure.
• Internal Infrastructure.

In order to assist organizations to identify, manage and mitigate information security vulnerabilities and threats, SensePost have 3 primary approaches to assessments:

• Spot-Check.
• Black-Box.
• High Assurance.