Nowadays an ever-growing number of organizations face various types of cyber threats, especially organizations that process personal or sensitive information or work in the financial sector. A security breach in that context can be catastrophic and result in consequences that are close to impossible to mitigate afterwards.
A penetration test, also known as a “pentest”, is the process of simulating an external attacker performing a cyberattack in order to assess the vulnerabilities of your system. In the same process, you get to discover how a potential breach would impact your information security. We differentiate between different kinds of approaches based on how much we know about the organization before starting a test.
A white box test is when we know everything about the system and have access to all the details a developer or sysadmin would have on hand.
A black box test is when we do not have any previous knowledge of the system and we have to figure out the details on the fly.
Other than the previous methods, there are various options in between that are valuable when dealing with massively complex systems. We offer internal as well as external testing when needed.
In practice, each pentest has a well-defined scope. As part of the scope, we define a list of resources to be tested, including IP addresses, domain names, or any other type of resource that may be relevant.
When needed, we can adapt to your organization's needs by testing in pre-arranged time frames, to accommodate what makes sense in terms of server load or service disruption.
After the scope and the conditions are clear, our team of experts starts testing your systems, using both automated and manual testing methods, looking for any potential vulnerability.
At the end of the process, you will receive a testing report that contains the various tests we have performed as well as the list of vulnerabilities found. As part of the same report, you will receive assessments for the individual vulnerabilities that include the description of the Impact, the Severity and (when appropriate) a proof-of-concept exploit.