Penetration Testing


Penetration testing is conducted to verify the security of a targeted asset such as a network or a web, mobile or client-server application.

Cybersecurity testing

It is one of our core services. We have many years of experience in performing penetration testing and have so far delivered several hundred tests to our customers. All pentesters performing testing hold multiple certificates, e.g. OSCP (Offensive Security Certified Professional), and have a proven track record in the industry. We fulfill the formal requirements that customers often place on the delivery of a penetration test, such as the PCI DSS Penetration Testing Guidance. All reports are written by our consultants and not thoughtlessly generated by automatic security scanners. Additionally, our pentesters have identified many vulnerabilities in popular software and successfully participated in bug bounty programs.

Black box penetration testing

Both infrastructure and application pentesting can be performed from an outside attacker's perspective, meaning that the tester holds no knowledge of the targeted system apart from what is publicly available. No information about the architecture and customer systems is delivered, and no user accounts except those that can be created by an attacker (e.g. by registering in the application). Usually, when conducting a security audit of a web application, we use a gray box approach, which gives us some information about the audited system (e.g. documentation, a description of the system's functionalities), and accounts for each role in the system are delivered. This lets us check both vertical and horizontal privilege escalation, meaning access to the data and/or functionalities of a higher-privileged user and of a different user with the same or similar access rights.

White box penetration testing

This type of security audit is an extended version of gray box pentesting in which testers have full knowledge of the targeted asset. In the case of a web application, we are given access to both the documentation and the source code in addition to what is granted in a gray box test.

Web application penetration testing

We deliver web application penetration testing in accordance with the popular and widely accepted OWASP methodology (The Open Web Application Security Project), including OWASP Top 10 and OWASP ASVS (Application Security Verification Standard), extended by our experience. We do not limit ourselves to OWASP-listed vulnerabilities and also aim to find business-specific vulnerabilities that can pose a real threat to the customer's business and which are often missed by automated vulnerability scanners.

Software penetration testing

We deliver desktop application penetration testing and client-server application penetration testing. We can cover security testing of applications written in C/C++/C# and Java for Windows, Linux and OS X platforms.

Mobile application penetration testing

We perform mobile application penetration testing for iOS and Android platforms. We base our methodology on OWASP Mobile (The Open Web Application Security Project), including OWASP Mobile Top 10 and OWASP MASVS (Mobile Application Security Verification Standard), enhanced by our own experience in identifying vulnerabilities in mobile applications.

Infrastructure penetration testing

We perform penetration testing of network infrastructure (LAN/WAN/WLAN), according to the PTES framework (The Penetration Testing Execution Standard). Tests can be conducted from both external (Internet, Wi-Fi etc.) and internal (LAN, VPN) networks.

LAN Network penetration testing

A security audit of a local network can be performed locally on premises or via VPN. The difference compared to infrastructure pentesting is that the pentester is given the level of access an intruder would have after already gaining access to the company's internal network, or the test simulates a rogue employee trying to do harm from the inside.

WiFi penetration testing

WiFi penetration testing tests the security of locally deployed wireless networks. It aims to break into a protected WiFi network, as well as to escalate privileges from a guest network and attack the users.

Wireless security is also a part of our red teaming services, which aim to perform social engineering attacks against unsuspecting WiFi users, for example by running a rogue AP (Access Point).

Penetration testing pricing

The cost of a penetration test depends mainly on the scope size and the complexity of the work required. The price also differs for remote and local engagements, as the latter require additional travel and accommodation costs depending on the location. To get a quote, please contact us.

All of our pentesters are experienced, senior-level consultants and hold worldwide recognised certificates.

Explore Our Offer

We deliver advanced technical consulting services covering multiple aspects of cybersecurity, from red team to blue team. Thanks to our diverse experience in IT security, we are able to take a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed by certificates, publications, advisories and references from our customers.