What is SPA?
SPA is a rigid evaluation process of the targeted system or network current state of security by simulating internal and external attacks scenario by attacker/hacker. This involves active analysis on the system, application, network or process for any weaknesses, technical flaw or vulnerabilities. SPA will then exploit those vulnerabilities to demonstrate that the security mechanism can and will fail.
SPA is developed and accordance to :
- ISO27001
- Payment Card Industry – Data Security Standard (PCI-DSS)
- SANS Top 20 Internet Security Vulnerabilities
- Center for Internet Security
- ISECOM Open Source Security Test Methodology Manual (OSSTMM)
- ISECOM Open Web Application Security Project (OWASP)
