|
Anonymous
The anonymous perspective simulates an attacker who has no authorized access to the test targets. Most typical Internet-originating attacks fit into this category.

Simple User
The simple user perspective simulates an attacker who has end-user-level access to the test targets. A typical case, in an e-banking environment, is a normal bank client who has online banking access and uses the same service as many other clients. This perspective covers all the IT security flaws that an anonymous user cannot normally exploit, because the affected functionality is available only to registered users.

External Organisation
The external organization perspective simulates attacks originating from enterprise clients. Enterprise clients are all organizations that have authorized access to the test targets. A typical case, in an e-banking environment where several banks share the same processing and clearing centre, is an attack originating from one bank against another. Similar cases are found in outsourced environments, where multiple companies share the same third-party processing and hosting environment.

Organisational Unit
The organizational unit or subsidiary perspective covers all the potential attacks originating from a lower-trust entity, such as a remote organizational unit, a subsidiary company, or a government branch, against a higher-trust entity, such as the parent company, the management zone or the central government.

Custom & Complex Profiles
All the different access profiles that exist in a given company or organization can be covered by customizing the audit modules in order to transform them into audit perspectives and adapt the selected modules.
|