What is Penetration Testing?


Penetration Testing (also called pentesting), is conducted to expose blind spots which are unknown from the internal IT teams and constitute any risk to the infrastructure, information, or business and operations in general.

Our experts use advanced tools and methodologies to assess your current IT environment, then map all the security issues and provide you with advice or help to eliminate these risks.

Most of the work is done manually. We do perform White Box, Grey Box or Black Box testing, and consult you to determine which approaches are the best based on your needs.


Methodologies


White Box Testing

In this case, the testers are given full access to the code and information about the infrastructure. As all the available data is analyzed, this kind of test provides a comprehensive assessment of both internal and external vulnerabilities. Due to the amount of data available, White Box testing is usually more time consuming than the other methods.


Grey Box Testing

When performing Grey Box testing, the tester is provided an account on the system, as if he were a regular user. This approach allows to evaluate the security inside the hardened perimeter and simulate what an attacker with longer-term access to the network could do. Information is provided to the tester so he can focus his efforts and target the most critical systems right from the start.


Black Box Testing

For this other approach, the tester examines the systems from an outsider’s perspective, without having any prior information. He will behave like a real attacker would, and will try to find breaches to infiltrate the systems and exploit other vulnerabilities.







Tailored Service


All the work we perform is tailored to your preferences and needs. We take into consideration a large amount of aspects to guide your during the process. We then establish an action plan and agree with you on the test scope and conditions as well as deliverables.

We also provide ISO compliance reports and conformity documents which can be used for all your compliance needs, and are particularly appreciated by insurrance companies.