Gartner defines custom software development (CSD) services as those that develop software in rapid increments and iterate custom applications and software products to meet an organization’s unique business needs. CSD services entail gathering business requirements and coding applications from inception, building applications on a platform as a service (PaaS), or assembling applications from existing web services or other reusable pieces of code. Services marketed as “software product engineering” or “digital product development” are likely to be examples of the category Gartner defines as CSD services.
Penetration Testing tools and services are designed to test vulnerabilities and weaknesses within computer systems and applications by simulating a cyber attack on a computer system, network, or web application. Companies conduct penetration tests to uncover new defects and test the security of communication channels and integrations. These tools and services either use vulnerability scanners or conduct manual/automated tests that scan networks and systems for open ports, and services and conduct vulnerability assessments to find any software lapse that may prove a route of attack on the system later. Further, the identified vulnerabilities are exploited to gain unauthorized access to systems or data and they try to escalate or pivot to key assets to have a better understanding about the impact of a specific attack. The process ends with generating a detailed and comprehensive testing report that describes, gives evidence for, assesses the risk, and recommends the solution to any vulnerability found. Typically, these are used by security professionals and ethical hackers to identify vulnerabilities, evaluate risks or/and validate controls, understanding how the cyber-attacks work, and test the effectiveness of security measures.