Security Services Delivery

Our Penetration Testing Services focus on ensuring adequate security of our Customers’ services and infrastructure. Methodologies, techniques and frameworks are flexible, enabling the unique needs of a client to be met.

Penetration Testing Service Offering consists of:

  •     Defining the project’s scope
  •     Developing a methodology tailored to the Customer’s needs
  •     Performing an assessment as per the methodology
  •     Developing advice on mitigation measures
  •     Knowledge hand over

Where do we start our collaboration:

  •     Discussing preparation activities and conducting am introductory meeting with a client to gather information to write a proposal.
  •     Developing an approach that meets the specific needs of the client.
  •     Determining the necessary conditions for starting work
  •     Defining a pricing method
  •     Describing contract concepts from the business side
  •     Obtaining consensus before writing a proposal
  •     Developing a proposal that fits the consultant and the client leading to a signed contract

Security services delivery roadmap:

Start

Service request received from Customer

We propose initial questionnaire to our customers. It helps us to clarify scope, scan readiness

Start
1-3 days

Contract

Contract signing procedures

1-3 days
1-2 days

Passive information gathering (optional)

In the case of a blackbox external penetration test, different OSINT techniques are used in order to identify the potential attack surface.

1-2 days
1-2 days

Active information gathering

Both network and application security scanners are used to map the attack surface and gather information about in-scope applications and services.

1-2 days
Depends on project complexity

Manual vulnerability testing

Scanning results are reviewed and the penetration testing team manually searches for security flaws and misconfigurations that can be potential vulnerabilities.

Depends on project complexity
Depends on project complexity

Vulnerability validation and exploitation

Security flaws vulnerabilities are exploited in order to assess their security risk and potential to be used in a chain.
Create potential attack paths that can lead to compromise.

Depends on project complexity
2-3 days

Creating a report

After conducting all of our penetration testing activities, we create a comprehensive report describing discovered vulnerabilities and attack paths. Once the report is reviewed, a debrief meeting is scheduled to answer any questions and elaborate on the details in the social engineering report.

2-3 days