Penetration testing (Pentest)

General information about pentests 

Penetration testing prevents economic and reputational losses by verifying or building effective information protection for the company. 
Testing reveals and checks system vulnerabilities that can occur due to software and hardware errors, improper settings and operational flaws, etc. Testing also clearly demonstrates the relevance of identified vulnerabilities and significance of potential damage for the client company.

Pentest stages 

  • Initialization 

    Stage outcomes:
    ● A working group is formed and approved
    ● The scope and parameters of testing, possible risks and limitations, a work schedule, and communication regulations are defined and approved

  • Data collection from open sources of information (passive collection of information) 

    Stage outcomes:
    A non-interactive study of the infrastructure to be tested has been performed. Information about this infrastructure has been collected from open sources and systematized. Preparations have been made for the active information collection stage.

  • Active collection of information 

    Instrumental analysis of external perimeter security for the IP address ranges from:
    ● Resource detection
    ● Vulnerability detection
    ● Vulnerability analysis
    ● Access (checking for vulnerabilities)

  • Analysis of results and reporting 

    Stage outcomes:
    A documented report containing identified vulnerabilities, results and vulnerability relevance, as well as recommendations for managing risks associated with identified vulnerabilities.

  • Demonstration and discussion of results 

    Stage outcome:
    A documented report containing identified vulnerabilities, results and vulnerability relevance, as well as recommendations for managing risks associated with identified vulnerabilities.

What you get from the pentest service: 

    A summary of current IT system security.
    A list of identified services and components.
    A list of identified and evaluated IT system vulnerabilities (risk level).
    Verification whether vulnerable applications can be exploited.
    Recommendations for fixing identified vulnerabilities.
    Information on methods of and priorities in improving app security.

 Types of testing 

  • External and internal penetration testing

    Testing simulates the actions of an attacker who has access to the company’s internal network, and determines how much a potential attacker can harm the IT infrastructure.

    ● Collection of all information about the scope of testing using OSINT (Open Source Intelligence) methods
    ● Use of automated information collection systems, scanners and invasive intelligence methods
    ● Simulation of an attack using vulnerability exploitation tools (exploits), attack techniques and others
    ● Increasing privileges, identifying the possibility of an expanded attack surface, obtaining access to other user data, and system repair
    ● A report containing an actual security assessment, risk and vulnerability assessments and recommendations for their elimination

  • Web application security testing

    Web application security testing involves an attack simulation by our highly qualified security consultants.

    ● Manual testing is related to the OWASP methodology
    ● A series of automated vulnerability scans
    ● Prompt notification of any critical vulnerabilities
    ● Risk assessment for your organization
    ● A detailed report that identifies and explains vulnerabilities (in order of significance)
    ● A list of recommended countermeasures to eliminate identified vulnerabilities

  • Mobile application security testing

    Mobile application security testing is a detailed security analysis of your app based on your phone or tablet. Our experienced security specialists use manual testing since it reveals many more problems than automatic tests.

    ● Mobile app analysis using OWASP Mobile Top 10 combined with our own testing methodologies
    ● Detecting code errors, software errors, errors in service configurations, dangerous settings, and operating system flaws
    ● Summary of test results and a report

  • Wi-Fi security testing

    Wireless network penetration testing is conducted to identify vulnerabilities in the current architecture of the wireless segment of the information system and individual components of this architecture. It identifies vulnerabilities in wireless networks, systems, hosts and network devices before hackers can exploit them.

    ● Intelligence of the customer’s wireless networks
    ● Detailed study of characteristics and features
    ● Attacking authentication and authorization in networks
    ● Attacking network hardware
    ● Attacking network clients

  • Social engineering testing

    Social penetration testing is designed to simulate attacks used by social engineers to harm your company. We use a number of methods to test telephone communication, online and on-site interaction.

    ● Thorough real-time and on-site Internet perimeter testing
    ● Detailed reporting and mitigation recommendations
    ● Confidential clarification, including methods, sources, and step-by-step attacks, to let your company know what you do right and what should be improved.
    ● Training is carried out on-site or at a location requested by the customer

  • DDoS attack resistance testing

    DDoS attack resistance testing means testing the ability of information systems to resist attacks aimed at disrupting information availability. As part of testing, our team deploys a network (Botnet) of virtual servers deployed in different parts of the world. Network management and attack simulation is performed using C&C technology.

The IT Specialist company has top-notch experts in penetration testing

Do you have any questions about penetration testing? Write to us, and we'll be happy to provide answers and guidance!

Thank you!

We will contact you shortly.

Can't send form.

Please try again later.

Made with