Industry:
Cultural Institutions
The Solution:
A bespoke, call-off penetration testing service employing best-of-breed open standards, delivered remotely by experienced CHECK and CREST certified testing engineers.
Services:
- Penetration testing of external networks, web applications, APIs, and mobile and desktop applications
- Full application lifecycle testing and re-testing
- Dedicated team managing scheduling, testing, reporting, and progress tracking
- Monthly reviews
Benefits:
- Reduced risk of data loss and corruption, brand damage and compliance failures
- Rapid identification and remediation of vulnerabilities
- Improved, accelerated development cycles
- Enhanced use of Multi-Factor Authentication
Company Profile
The British Council specialises in international cultural and educational opportunities. It works in over 100 countries: promoting a wider knowledge of the United Kingdom and the English language; encouraging cultural, scientific, technological and educational cooperation with the UK.
The Challenge
The British Council needed a responsive, flexible and effective penetration testing service covering websites, and web and mobile applications, at its 100-plus sites around the world, within strict timescales and at competitive rates.
MTI’s bespoke penetration testing service employs the SANS Institute’s guidelines and the Open Web Application Security Project (OWASP) Top Ten vulnerabilities, along with its own methods, developed over 20 years in penetration testing. The service is delivered remotely by MTI’s experienced CHECK and CREST certified testing team.
Each test produces a practical, jargon-free report, with executive and technical summaries, and detailed test results. Priority issues are highlighted, ensuring they do not get overlooked, while an Issue Matrix outlines all vulnerabilities, ranked by severity, with remediation recommendations. Full details on tests conducted and vulnerabilities found are also provided.
Where required, MTI retests updated code following remediation. Progress is tracked daily, allowing the British Council to easily check performance against SLA commitments. Technical debriefs are undertaken, during which MTI testing leads explain key issues.
Results
The British Council has seen several important benefits:
- Reduced risk of brand damage, compliance failures, and data loss and corruption
- A flexible, scalable service with SLA guaranteed delivery times, helping Council offices bring apps and portals to market within challenging timescales
- Earlier identification and remediation of vulnerabilities
- The use of penetration testing intelligence to inform future developments, improve app and portal quality and accelerate time to market
- Better use of Multi-Factor Authentication, a key concern for the British Council
We needed a provider that could meet our volume of demand. We have over 300 web sites, apps and portals, in over 10 countries, each running in it’s own silo, in local initiatives, collecting personal information. MTI is that provider.
British Council,
IT Team
Why MTI?
The British Council chose MTI because of its extensive resources and unique experience in the provision of penetration testing services to public sector bodies, it’s financial backing and ability to flex and scale operations to meet changing needs across the Council’s extensive web estate, and the quality and cost-effectiveness of the solution offered.
