Penetration Testing

A penetration test, also known as a pentest, consists of auditing networks, computers and software in order to identify security vulnerabilities. Using our tried-and-tested approach, the entire process is carried out from a real attacker's perspective and it is often intrusive - involving exploitation of potential security breaches.

Advantages

A penetration test is helpful for a number of very good reasons, such as

• Finding security weaknesses before others do - and by ‘others’, we do not mean those nice people who would fix them for you
• Validating existing security measures, policies and IT/InfoSec personnel skills
• Ensuring compliance with regulations and standards e.g. PCI DSS, ISO/IEC 27001

A penetration test is designed for those who are serious about information security, taking rigorous steps to prevent data and financial loss.

Our approach and methodology

Our team consists of people who are experienced at what they do and, even more importantly, who enjoy what they do - without relying on automated tools. While automated scanners are useful to get a broad security view, it is those ‘small’ details that are usually the ones which lead to a full system compromise.

Our main advantage comes from our complete understanding of how real attackers operate: we know exactly what they do in order to compromise your valuable data - and how they do it. Therefore, our pentest service is tailored to real-world attacks rather than following testing instructions by the book.

Results

What we don’t do is provide a 200-page report bloated with descriptions of TCP ports, trace-route output and fancy pie-charts. We much prefer to keep it simple, focusing on the information that is relevant to you, and which should help you secure your assets. This essentially means

• A description of vulnerabilities found
• PoC exploits, proof of exploitation (e.g. screenshots)
• Solutions and fixes

Trust and commitment

Dealing with sensitive information such as potential vulnerabilities is something we take very seriously. This is why we

• always sign an NDA with our customers
• do the remote tests from a physically secured location
• deliver reports in encrypted form, which are deleted once they are sent
• ensure that all tests are done in a disposable virtual machine, which is erased upon finishing the tests

In order to assure our clients that we do our very best to find any vulnerabilities, we can provide a pricing model based on our findings. Or simply put, you pay less if you are already secure!
Simply put: you pay less if you are already secure.

Contact us for more details about our Penetration Testing services.