Penetration tests

Don't wait for a real hacker to test you

Penetration tests of IT systems, network infrastructure, web applications and internet services are performed as a real-attack simulation, tailored to individual customer’s needs to check the real security level. We will reveal any vulnerabilities which could be used for a potential penetration, we will identify any security deficiencies and determine the level of their severity. We will also propose some remedial measures.

Testing modes

BLACKBOX

WHITEBOX

GRAYBOX

PENETRATION TEST OF THE WEB APPLICATION

The goal of the penetration test of the web application consists in the verification of the real immunity of the web application to attacks. We use automated tools as well as manual testing. We perform combined attacks. The test is suitable for websites as well as for large applications of internet services. We perform the tests according to the OWASP methodology.

EXTERNAL PENETRATION TEST OF THE NETWORK PERIMETER

In the event of the external penetration test, we simulate the attack on the customer’s systems and applications from the external environment, i.e. we perform attack simulations of a potential hacker who tries to penetrate from the Internet. The goal consists in revealing any vulnerabilities which could be used by a potential attacker to penetrate or access the internal network in an unauthorized manner. For testing, we use our own proven practices with the support of the methodologies OSSTMM and CEH.

PENETRATION TEST OF THE INTERNAL NETWORK

The internal penetration test verifies the immunity of the corporate network from the inside, i.e. attacks conducted, for example, by employees, partners or suppliers. The goal of the test consists in the protection against unauthorized access and possible misuse of data and confidential information by users in the internal network. For testing, we use our own proven practices with the support of the methodologies OSSTMM and CEH.

WI-FI NETWORK PENETRATION TEST

Wireless LAN scanning; wireless networks usually reach beyond the company’s building; such a potential attacker can penetrate the corporate network and systems through unauthorized access to the wi-fi network. The wi-fi network tests include verification of the availability (signal coverage, interference), unauthorized accesses to the wi-fi network, eavesdropping of communications and revealing of unauthorized wireless access points.

SOCIAL ENGINEERING

Examination of employees’ behavior and responses to the attempt to obtain sensitive data and information through a fake e-mail or telephone campaigns, etc. The goal consists in revealing the level of security awareness, compliance with internal regulations, immunity to threats arising from manipulation by means of direct and indirect communication.

TEST OF MOBILE APPLICATIONS

Penetration tests of mobile applications identify shortcomings and examine the security of using mobile applications. Today’s trend of most applications consists in using them anytime and anywhere, which, however, poses a security risk. Such applications often contains serious security vulnerabilities. The tests are focused on the possibility of leaks and data misuse in telephones, examining communication security, the simulation of attacks from the outside, etc. We perform the tests according to the CEH methodology. RISK ANALYSIS Installation.