Pentesting — Penetration Test
Is your system resistant to IT attacks? We check sites for vulnerabilities that may arise due to incorrect system settings or flaws in the software product.
What is pentesting
Pentesting is a simulation of the actions of hackers and social engineers aimed at breaking into your web applications, mobile applications and IT services in order to find and fix vulnerabilities.
After testing, the company receives technical recommendations for protection against various types of attacks. We recommend pentesting every 2-6 months.
Who needs it
IT infrastructures
Business applications
Financial companies
Internet banking
Wireless networks
Websites and Services
Hackers often target not only the websites of ministries and banks, but also businesses. If you plan to develop a successful enterprise and enter the world markets, testing is indispensable.
How do we test
OSSTMM Testing
- data management;
- staff awareness;
- the impact of social engineering;
- physical access control;
- device security;
- checking computer networks.
NIST SP800-115
- verification of technical documentation;
- integrity of files and systems;
- the ability to crack passwords;
- security assessment;
- network sniffing;
- pentesting.
OWASP
- web application vulnerability;
- checking their architecture;
- checking IoT devices and APIs;
- mobile app vulnerability;
- code security check;
- coding guidelines.
Test steps
Step 1: Initialization
- Signing of a non-disclosure agreement (NDA).
- Discussion of your terms of reference.
- Clarification of conditions, terms and restrictions on tests.
- Formation of a working group.
- Signing an agreement.
Step 2: Analysis of open sources
- Studying basic information about the company on websites.
- Examining company data on social networks.
- Analysis of information about employees in professional communities.
- Search for information about the company and employees on technical forums.
- Analysis of the received information.
Step 3: Instrumental scanning
- Port scanning.
- Application analysis.
- Checking operating networks.
- Detection of firewalls, network routers.
- Finding vulnerabilities.
Step 4: Development and verification of attack scenarios
- Compiling lists of employees with potential logins.
- Compilation of dictionaries for selection of passwords.
- Development of a scenario for hacking accounts.
- Checking the possibility of remote editing of information.
- Checking for the possibility of introducing malicious programs.
Step 5: Development of recommendations
- Description of the attack scenario.
- Collecting a list of potential vulnerabilities.
- Collection of evidence.
- Definition of business risks.
- Development of a protection strategy.
Step 6: Preparing the report
- Transfer of the ready list of potential vulnerabilities.
- Preparation of a list of recommendations for their elimination.
- Visualization of the report in the form of a presentation (on request).
- Discussion of the received information with the customer.
- Signing of acts of performed works.
Cost and terms
Since each business is individual, we will be able to determine the exact cost and terms after a preliminary assessment of the task you set. You can request a free consultation using the form below.
Be sure to include a link to your company website and the problems you would like to solve: check your new website, mobile application or devices on the network for vulnerabilities.
Do you want to check if your system is resistant to IT attacks?
Use the feedback form to get a free consultation from our experts.