We offer penetration testing to assess the level of systems security in your organisation by gaining access to and control over sensitive data whose compromise would pose a threat of losing financial assets and critical data. The main aim of penetration testing is to identify security weaknesses in IT systems. It also helps to improve business continuity, as a breach may lead to limited availability.
A good practice is to perform penetration testing to strengthen and uplift the security profile of any IT system.
Why do YOU need penetration testing?
You may find the answer in the cybersecurity statistics of 2018
of all legitimate websites contain vulnerabilities
was the cost of an average data breach in 2018
More than 40%
of cyber attacks target small and medium businesses
So, what types of hackers are out there?
or simply “black hats,” are the type of hacker the popular media seems to focus on. Black-hat hackers violate computer security for personal gain and for pure maliciousness.
They are the opposite of the black-hats. They are the “ethical hackers”, experts in compromising computer security systems who use their abilities for ethical and legal purposes rather than criminal purposes.
They fall somewhere in between black hats and white hats.
A grey hat doesn’t work for their own personal gain or to cause carnage, but they may technically commit crimes in the name of a higher cause or purpose, or a political or personal agenda.
Types of Penetration Testing
White box testing
In white-box penetration testing, the tester is usually provided with complete information about the network or systems to be tested, including the IP address schema, source code, OS details, etc.
Black box testing
In black-box penetration testing, the tester has no knowledge about the systems to be tested. The tester is responsible for collecting information about the target network or system.
Grey box testing
In grey-box penetration testing, the tester is provided with partial knowledge of the system. It can be considered an attack by an external hacker who has gained illegitimate access to an organisation's network infrastructure documents.
What do we check?
Network Penetration Testing
The role of servers, employee devices, and routers is usually underestimated when it comes to corporate security.
In fact, black hat hackers target anything that stores, processes, and transmits personal information.
A company’s network may be at great risk due to a wide range of security flaws, including misconfigured software, outdated software or operating systems, insecure protocols and unnecessary exposures.
Web Application Penetration Testing
For an average user, a web application is a client-server program in a web browser.
For a black hat hacker, a web application is an opportunity to steal sensitive data.
Cyber attacks on web apps range from targeted database manipulations to large-scale network disruptions.
Main directions of the testing
The application's session management controls: the mechanism that traces the activities performed by authenticated application users
We determine the type of information that is transferred back to the user or stored in the client's machine
Possibility to gain information from temporary Internet files, cookies, and other application objects
The application's input controls: how the application processes inputs received from different interfaces and/or entry points
The application's authentication controls: the mechanism that processes the identity of individuals or entities
HOW DOES IT WORK?
1. Information Gathering is a search for any data about the system, mobile app, or infrastructure through open sources.
2. Threat Modeling: based on the collected data, a plan on how to sneak into the system is created.
3. Vulnerability Analysis is an automatic (with the help of scanners) and manual assessment of the system.
4. Exploitation: using the identified data, specialists try to perform various manipulations to check how criminals can misuse the vulnerabilities.
5. Post Exploitation is researching what other actions can be performed with the identified vulnerabilities.
6. Reporting is writing a detailed report on the performed actions with recommendations on how to eliminate vulnerabilities.
What is the price of penetration testing service?
The cost of pentesting is specific to each client. Several parameters influence the price: the number of resources to be audited, the timeframe, and the complexity of the work.
How much time does penetration testing take?
The timeframe is specific to each client. It depends on the complexity and the breadth of the work. It takes approximately between 1 and 4 weeks for common systems to be tested.
Do you give recommendations regarding possible fixes to the bugs?
In the report, we give brief recommendations regarding possible responses to a bug or a vulnerability. If you need advanced recommendations, you can contact us.
What is the difference between internal and external pentesting?
Internal pentesting serves to assess local networks and services. External pentesting involves testing resources of clients. Automated and specialised tools like vulnerability scanners and special frameworks are used for both external and internal pentesting.