Penetration Testing

Web application pentests

Web application penetration test, done in a blackbox method (without source code and configuration access). Tests are done in a manual way with tools assisting role only.

LAN pentests

Internal infrastructure (LAN) penetration tests. Allows to verify local network security, finding weak points and showing assets needed to protect/fix. Tests are done from the internal point of access, covering disgruntled employee or malware scenarios.

Source code analysis

Whitebox source code analysis, done as a supplementation to basic blackbox testing in later stages of security audits.

Remote infrastructure pentests (VPN)

Remote infrastructure tests (VPN) – penetration tests of remote work access infrastructure (VPN). Goal of the project is to find and verify security vulnerabilities of remote work access infrastructure. Tests are done in manual way using blackbox and greybox (later stages) methodology.

Server infrastructure configuration audit

White box manual audit of server infrastructure configuration. Tests cover general operating systems configuration and selected software server components (e.g. SQL DB, WWW servers and many others.

E-commerce pentests

E-commerce web platform penetration tests, done in a blackbox manual mode. Project covers web application pentest scope extended with aspects relevant to the e-commerce platform/app group.

WiFi pentests

Wi-Fi infrastructure – wireless infrastructure penetration tests, executed in a blackbox manual way (no prior knowledge of architecture nor configuration.

DDoS pentests

Distributed Denial of Service tests. Cover simulation of a few attack types, e.g. flood, http/app layer, slow attacks, SSL termination exhaustion and others.

Cloud infrastructure pentests

Cloud infrastructure (AWS, GCP, Azure) – broad range of cloud infrastructure penetration tests and audits. Goal of the project is cloud environment configuration verification from the security standpoint. During the typical tests, the great emphasis is put on network, authentication, logging configuration. Tests are done in white box manual mode. Tests are often supplemented with VM and container pentests.

Organization reckon (OSINT)

Manual blackbox information gathering. Goal of the tests are to acquire as much as possible classified information (e.g. company infrastructure, network intel, private data) from publicly available sources (so called passive OSINT), and then verify them from external network points (network tests), while trying to get access to confidential information (final goal).

WAN pentests

External infrastructure (WAN) penetration tests, done from the external network point of view. Tests target and verify potential intrusion points as seen from the internet, showing a intruder ability to gain access to internal company systems.

Mobile applications pentests

Mobile applications penetrations tests, where during the project (blackbox and manual mode) auditors test both client and server components of the application. Tests cover both iOS and Android platforms and if requested also cover mobile app source code.

Performance pentests

System/application performance testing, done as a real traffic/work simulation to find and show application weak points from performance perspective.

Work station hardening

Whitebox manual audit during which configuration of employees work stations is verified. Manual analysis of potential vulnerabilities and security problems helps to detect configuration errors with security implications. Tests of this type are critical for remote organizations, due to the inability to protect remote networks in full way in WFH scenarios.

Fixed price

Pretests that are based on a predetermined scope, schedule and price.

Time & material

Pentest based on the actual time the auditor spent on the project