Penetration Testing for Websites
Service Description: The website penetration testing service is conducted as a comprehensive security assessment aimed at identifying vulnerabilities and security gaps. This test simulates the most advanced and recent real-world attacks, considering all involved technologies to provide a realistic security evaluation.
Key Points for Service Execution
- How many websites will be tested?
- What technologies are in use?
- What is the motivation for performing the test – regulation (standards like ISO, etc.), security assessment, or improvement?
- Have previous tests been conducted on the website in question?
- Where will the test be conducted – remotely (from our office) or on-site within the organization?
Testing Contents and Methodologies
We customize our testing approach based on the specific needs of the organization, industry standards, and regulatory requirements. Our methodology is rooted in the principles of OWASP Top 10 and OSSTMM, aiming to uncover a range of vulnerabilities.
At the end of the testing process, the client receives a detailed report with an executive summary, highlighting the identified vulnerabilities and providing tailored remediation recommendations. A follow-up retest is conducted to ensure all vulnerabilities have been effectively resolved.
Testing Execution Process
The test is carried out by our research and attack team, which includes experts specialized in various technologies. A project manager will oversee the test to ensure smooth execution.
Average Completion Time: Typically between 6 and 12 days, with the exact timeline determined after the initial project scoping meeting.
Project Initiation Requirements: Scoping meeting with the PT team leader.
Penetration Testing for Mobile Applications
Service Description: The mobile application penetration testing service is conducted as a comprehensive security assessment aimed at identifying vulnerabilities and security flaws. The test simulates the most advanced and recent real-world attacks, accounting for all technologies involved to ensure a realistic and in-depth evaluation.
Key Points for Service Execution
- Will the test be conducted for both Android and iOS applications, or just one platform?
- How many applications will be tested?
- What technologies are being used?
- What is the motivation for performing the test – regulation (standards such as ISO, etc.), security assessment, or enhancement?
- Have previous tests been conducted on the application in question?
- Where will the test be conducted – remotely (from our office) or on-site within the organization?
Testing Contents and Methodologies
Our methodology is grounded in Mobile OWASP Top 10 and OSSTMM principles, targeting a variety of vulnerabilities to ensure robust security.
At the end of the testing process, the client receives a detailed report with an executive summary, outlining vulnerabilities and providing tailored recommendations. A retest is conducted to confirm effective resolution.
Testing Execution Process
The test is performed by a specialized team with expertise in different technologies, overseen by a project manager to ensure smooth communication and process management.
Average Completion Time: Typically between 5 and 10 days, depending on project complexity.
Project Initiation Requirements: Scoping meeting with the PT team leader.
Infrastructure Penetration Testing
Service Description: The infrastructure penetration testing service assesses internal networks (typically in a domain environment) to identify vulnerabilities and security gaps. Simulating real-world attacks, it covers all technologies involved to ensure a thorough evaluation.
Key Points for Service Execution
- Will the test be conducted onsite within the organization or remotely (via VPN)?
- How many devices are connected to the network?
- How many users are on the network?
- What is the motivation for performing the test – regulation, security assessment, or enhancement?
- Have previous infrastructure tests been conducted?
Testing Contents and Methodologies
Our methodology, based on ISSAF and OSSTMM principles, is tailored to the organization’s needs, standards, and regulatory requirements.
Deliverables include a detailed report with an executive summary, identified vulnerabilities, and remediation recommendations. Retests are optional post-remediation.
Testing Execution Process
The test is conducted by onsite or remote penetration testing professionals, with a project manager assigned for effective communication and oversight.
Average Completion Time: Typically between 5 and 10 days, based on project scope.
Project Initiation Requirements: Scoping meeting with the PT team leader.
Cloud Environment Penetration Testing
Service Description: The cloud penetration testing service evaluates cloud environments (e.g., AWS, GCP, Azure) to identify vulnerabilities and ensure robust security for all components and services.
Key Points for Service Execution
- What type of cloud environment is being tested?
- What is the motivation for performing the test – regulation, security assessment, or enhancement?
- Have previous penetration tests been conducted in this cloud environment?
Testing Contents and Methodologies
Our approach uses cloud-specific security principles for a focused assessment. Deliverables include a detailed report with an executive summary, findings, and remediation recommendations. Retests are optional after addressing findings.
Testing Execution Process
The test is performed by cloud security specialists, with oversight from a project manager to ensure seamless coordination.
Average Completion Time: Typically between 6 and 20 days, based on complexity.
Project Initiation Requirements: Scoping meeting with the test executor and PT team leader.