Penetration testing

Have experts review and report on how to best secure and control an applications’ security.

Security can be impacted in many ways, and our team tests the solution in scope for risks pertaining business processes, payment solutions, vulnerabilities, personal data, and more.

Receive a complete report on where your efforts should be focused and understand where to solve problems in the upstream process of development and procurement. Ensure the knowledge gap is bridged by having experts hand off vulnerability findings in workshops, or let them participate during the engagement.

What does a penetration test conclude?

The testing will support you in understanding what risk is currently exposed in the application. The report you receive will contain:

  • An executive summary describing the risks involved and recommended short- and long-term actions.
  • A full color coded and prioritized list of vulnerabilities identified. Each vulnerability will be rated based on several aspects, e.g. the impact on confidentiality, availability and integrity. The vulnerability will also have a score impacted by things such as if the vulnerability is exploitable without authentication, from the Internet or not, and so on.
  • Vulnerabilities contains a description on how it was exploited, demonstrating the appropriate risk, and also suggestions on remediation, both short- and long-term where applicable.
  • A thorough appendix describing the process and work flow of the penetration testers. This will be quite low level and can help support staff and others whom want to study and learn how the testers have progressed in the engagement.

Deciding scope and commencing work

If you haven’t already a solid grasp on the Digital Footprint of your organization, consider starting there.

You might have an application or a network you want to assess for weaknesses. Before work is started however, a non-disclosure (NDA) agreement and contract is settled between the companies. Because we will be commencing in Offensive Services, it’s very important to have explicit permissions for this kind of activity. The NDA is important for you, as a client, because our company will likely find critical and sensitive information on behalf of you, so you want to protect yourself on this matter.

A scope of a penetration test can be a multitude of different things. We frequently test:

  • New services, releases and other deployments as part of a Software Development Life Cycle, or just ad-hoc.
  • Web applications we’re not sure are vulnerable or not.
  • Networks containing different services.
  • Mobile applications and their corresponding API’s.

Where to start?

If you’re new to this, and you haven’t already had someone map your Digital Footprint, start there. Otherwise, contact us and we can get the ball rolling.