Penetration tests can uncover critical bugs or reveal even the more subtle flaws in your IT applications & infrastructure that may put your entire ICT at risk. Detection and timely remediation of application vulnerabilities is necessary for companies that leverage software applications to support critical business processes.
Our comprehensive and timely reports will also deliver meaningful, prioritized remedies to help you defend against security threats and safeguard your valuable business data.
Penetration testing is an assessment of computer networks, systems, and applications to identify and address security weaknesses.
Based on the specific objectives agreed with the client, acceptable levels of risk, and available resources, we tailor a plan for each penetration test ahead of time.
We usually conduct any penetration test with a well-defined scope that has been agreed upon with the client. The target is to compromise critical business assets, and the scoping process may define parts of the organisation's ICT to be entirely excluded from an assessment. We also request a letter of authorization from clients and sign a non-disclosure agreement to protect both the client's rights and ours.
The initial work done in any black-box assessment is information gathering. It combines a myriad of Open Source Intelligence (OSINT) resources for gathering data on the target organization, and it is critical to the operation. Aggregating both public and private methods of intelligence gathering allows us to develop an early structure for a plan of attack. The following are some examples of information we target during reconnaissance:
After all initial information has been gathered, we move on to mapping our strategy and attack methodology. The approach depends on the intel from the previous stage and the developed footprint, and so may vary based on the job. General steps include:
The variety of information gathered in the beginning phases lays the foundation for a whole host of attack options across all relevant vectors. These attack options may include the following:
Reporting is critical to understanding the value you receive from our assessment. The reports are designed to be easily understood but complete in their findings, giving both the exploitation likelihood and detailed impact for each vulnerability. In addition, each vulnerability reported will include a remediation strategy for mitigating the risk associated with it.