Penetration Testing Services

Simulate the tools and techniques of an attacker to detect and exploit vulnerabilities
Get a quote
Penetration Testing Services

What is Penetration Testing?

A penetration test simulates the tools and techniques of an attacker to detect and exploit vulnerabilities. This approach conducted by a skilled professional helps you identify possible attack routes and securities vulnerabilities that may not be found from vulnerability assessments.

Penetration testing can be conducted from within your network to simulate insider threat or from the public internet to simulate an external hacker. And depending on your objectives, the assessment can be performed as an unauthenticated user (no login access) or with test user accounts.

 

Network Penetration Testing

Network

To detect vulnerabilities in the operating system and commonly used software in servers and network devices.

Application Penetration Testing

Application

To detect vulnerabilities at the application layer,  usually for custom-developed web and mobile apps.

Wireless Penetration Testing

Wireless

To detect vulnerabilities in the wireless network implementation within your organization’s premises.

Penetration Testing Process

Penetration Testing Process - Scan

Scan

Run scanning tools to analyze target and detect potential vulnerabilities.

Penetration Testing Process - Exploit

Exploit

Perform manual testing, verify vulnerabilities and attempt to exploit the target.

Penetration Testing Process - Report

Report

Analyze impact and severity of issues, and recommend corrective action.

Penetration Testing Process - Retest

Retest

Verify if previously detected vulnerabilities have been fixed adequately.

Frequently Asked Questions

What is the difference between black-box and grey-box testing?

Black-box testing simulates an unauthorized attacker with no user credentials i.e. testing without logging into the system. With this approach, system functions requiring authenticated access will not be tested.

Grey-box testing simulates an authorized but malicious attacker with user credentials i.e. testing by logging into the system. With this approach, system functions requiring authenticated access will be tested.

What is the difference between internal and external testing?

Internal testing simulates a malicious insider attack and is conducted from within the customer internal network and from a segment where the targets are accessible.

External testing simulates a malicious outsider attack and is conducted from the public internet without modification of customer’s perimeter defence.

What is included in network penetration testing?

Network penetration testing is focused on the services running on the network and is primarily concerned with vulnerabilities at the operating system layer and common software (e.g. NIST CPE) of the target hosts and devices.

What is included in application penetration testing?

Application penetration testing is focused on the functionalities of the application (including web API servers for mobile apps) and is primarily concerned with application layer vulnerabilities, especially the OWASP Top Ten Web Application Security Risks and OWASP Mobile Top 10.

What methodologies do you use?

We adopt the following guidelines for our penetration testing methodology:

  • Penetration Testing Execution Standard
  • OWASP Web Security Testing Guide
  • OWASP Mobile Security Testing Guide

Specific testing procedures are executed based on the nature of the testing and environment.

What tools do you use?

We use both commercial and open source tools including Tenable Nessus Pro, Burp Suite Pro, Kali Linux, Metasploit, etc.

Yes, we are CREST accredited

CREST Penetration Testing

How can we help?