Penetration testing

Penetration tests of IT systems, network infrastructure, web applications and internet services are performed as simulations of a real attack.

Don't wait for a real hacker to test you

Penetration tests of IT systems, network infrastructure, web applications and internet services are performed as simulations of a real attack; they are tailored to each customer's needs to always verify the actual level of security. We uncover vulnerabilities that could be used for potential penetration, identify security weaknesses, identify security deficiencies, determine their degree of severity and propose corrective measures.

What types of penetration tests do we do most often?

  • Penetration testing of web applications
  • External network perimeter penetration test
  • Penetration test of internal network
  • Penetration test of Wi-Fi network
  • Social engineering

Testing modes

Image
1

External

The tester has almost no information about the target and needs to look up the information. Most likely an attack from the outside.

Image
2

Internal

The tester has information about and insight into the entire structure and can exploit weaknesses available to employees. An attack similar to an "angry employee".

Image
3

Both internal and external

For example, the attacker knows the exact targets the customer wants to test. The most common type of testing. The customer defines exactly what they want to test.

Other common testing modes

Penetration testing of web applications

The aim of a web application penetration test is to verify the actual resistance of a web application to an attack. We use automated tools and manual testing, and we perform combined attacks. The test is suitable for websites and large-scale web services applications. The tests are performed using the OWASP methodology.

External network perimeter penetration test

In the case of an external penetration test, we simulate an attack on the customer's systems and applications from an external environment, i.e. we simulate an attack by a potential hacker attempting to penetrate from the internet. The goal is to detect any vulnerabilities that could be exploited by a potential attacker to penetrate or gain unauthorized access to the internal network. For testing, we use our own best practices supported by OSSTMM and CEH methodologies.

Penetration test of internal network

An internal penetration test verifies the resilience of the corporate network from the inside, i.e. attacks conducted by employees, partners or suppliers. The aim of the test is to protect against unauthorized access and possible misuse of data and sensitive information by users on the internal network. For testing, we use our own best practices supported by OSSTMM and CEH methodologies.

Penetration test of Wi-Fi network

Wireless LAN scanning – wireless networks typically extend beyond the organization's building, allowing a potential attacker to penetrate the corporate network and systems through unauthorized access to the Wi-Fi network. Wi-Fi network tests include verification of availability (signal coverage, interference), unauthorized access to the Wi-Fi network, interception of communications, detection of unauthorized wireless access points.

Social engineering

Examination of employee behavior and reactions to attempts to obtain sensitive data and information through fraudulent e-mail or telephone campaigns, etc. The aim is to reveal the level of security awareness, compliance with the internal regulations and resistance to threats using methods of manipulation in direct and indirect communication.

Other services

SIEM Security Information and Event management

SOC Security Operations Center

Cybersecurity training

Risk Analysis

We will solve your IT challenges; don’t hesitate to contact us

Schedule a consultation with us for your ICT projects.

Name and surname: *

Company: *

E-mail: *

Message: