Our Penetration Testing Services focus on ensuring adequate security of our Customers’ services and infrastructure. Methodologies, techniques and frameworks are flexible, enabling the unique needs of a client to be met.
Penetration Testing Service Offering consists of:
- Defining the project’s scope
- Developing a methodology tailored to the Customer’s needs
- Performing an assessment as per the methodology
- Developing advice on mitigation measures
- Knowledge hand over
Where do we start our collaboration:
- Discussing preparation activities and conducting am introductory meeting with a client to gather information to write a proposal.
- Developing an approach that meets the specific needs of the client.
- Determining the necessary conditions for starting work
- Defining a pricing method
- Describing contract concepts from the business side
- Obtaining consensus before writing a proposal
- Developing a proposal that fits the consultant and the client leading to a signed contract
Security services delivery roadmap:
Service request received from Customer
We propose initial questionnaire to our customers. It helps us to clarify scope, scan readiness
Contract signing procedures
Passive information gathering (optional)
In the case of a blackbox external penetration test, different OSINT techniques are used in order to identify the potential attack surface.
Active information gathering
Both network and application security scanners are used to map the attack surface and gather information about in-scope applications and services.
Manual vulnerability testing
Scanning results are reviewed and the penetration testing team manually searches for security flaws and misconfigurations that can be potential vulnerabilities.
Vulnerability validation and exploitation
Security flaws vulnerabilities are exploited in order to assess their security risk and potential to be used in a chain.
Create potential attack paths that can lead to compromise.
Creating a report
After conducting all of our penetration testing activities, we create a comprehensive report describing discovered vulnerabilities and attack paths. Once the report is reviewed, a debrief meeting is scheduled to answer any questions and elaborate on the details in the social engineering report.