Our consultants have accumulated years of experience performing penetration tests on applications and systems. We simulate attacks on your system in various ways, as a real hacker would.
Black Box Penetration Test
Our most basic service, and the one most commonly offered by security consultancies. We probe your application’s defences from the outside and attempt to subvert its controls, bypass its business rules of operation and take control of it. Our consultants will use their extensive experience, together with off-the-shelf and custom tools, to try to identify and exploit any vulnerabilities in your application or system.
White Box Application Test
A much more comprehensive service than the Black Box Penetration Test. We perform the same tests but couple them with a “lightweight” code review. We review your code for the most common security vulnerabilities, such as Cross-Site Scripting, SQL Injection, Code Execution, Cryptographic problems and many others. This is the service we sell the most, and a way to get very quick “wins” if you are trying to improve your applications’ security posture. It is also the method we use to find many vulnerabilities in proprietary and commercial software.
If you would like a more thorough and complete code review to find up to 100% of all the vulnerabilities in your code, we also have a service for that.
Infrastructure Penetration Test
Employing similar techniques to the Black Box Penetration Test, our experienced consultants will probe, scan and exploit the target network or networks for security vulnerabilities, and deliver a report detailing what was found and how to fix it. This test is useful for companies that want to test a specific part of the network, such as an affiliate or branch network, or even to test their entire network.
Red Teaming Penetration Test
Our most advanced offering: two or more of our consultants will be “dropped” in a target network, with User or Administrator level access to a desktop system inside the network. From then on, they will attempt to hack as many desktops, servers and applications as possible and to obtain Domain Administrator level access on the network, while attempting to bypass existing protections like a real hacker would.
This type of test is extremely useful for understanding how resilient a company is to an intruder who is already inside the network: the ultimate test in resilience and cyber security.
We also provide a range of more specialised services that can assist you in finding vulnerabilities. We are experts in fuzzing technologies, used mostly in product security assessments to understand the resilience of your native code against a malformed file or network packet.
Applicable To All Scenarios
The techniques described on this page are not only for applications. We can perform any of these services on servers, embedded devices, firewalls, smartphones, set-top boxes, laptops, workstations, routers, etc.