When performing a security review, Compass Security AG works closely with the customer. All the required insider information, firewall concepts, or system settings are disclosed for examination, in order to assess the effectiveness of the protection measures.
In terms of the time and effort required, finding a security loophole in the source code of a program is often more efficient than a penetration test. In addition, back-end processes can also be evaluated in the review process.
Security reviews are often then used when new solutions are installed and a global opinion of their vulnerability needs to be formed before they are put into production. They serve as a basis for project go-live decisions and also used for compliance testing.