Penetration Testing

After Vulnerability Assessment,  Penetration Testing will further help you to understand fully how your websites, mobile applications, operating systems and networks could be exploited using hackers’ techniques.

Our penetration tests includes comprehensive reports about vulnerabilities and weaknesses which have been successfully exploited during the penetration test period. 

1. How hackers are likely to attack you?

  • Step 1: Preliminary proposal
    Our consultants will work with you to understand your business objectives and cyber security requirements, and tailor our service to these to deliver maximum benefit.
  • Step 2: Penetration testing
    Our consultants will first perform a deep analysis of your information networks to determine the extent of your vulnerabilities. We will attempt to exploit the identified vulnerabilities as proof of concept on the target system in a risk-controlled environment the same way a hacker would.
  • Step 3: Penetration testing report
    Our consultants will provide you with a detailed report that clearly states the vulnerabilities identified during the initial assessment and penetration tests.

2. Our Services

2.1 Web Penetration Testing (PT)

We use both automated penetration tools and manual penetration tests to assess your external and internal web applications to identify vulnerabilities before cybercriminals do.

The following is a non-inclusive list of items that will be checked during the web application penetration testing:

  • Injection flaws
  • Business logic vulnerability
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Improper authentication or session management
  • Improper access control
  • Missing encryption or improper use of cryptographic algorithm
  • Information exposure through an error message
  • Open redirects
    Failure to restrict URL access
  • Insecure direct object references or path traversal
  • Server misconfiguration
  • Firewall rule set analysis

2.2 Mobile Penetration Testing (PT)

We use both automated penetration tools and manual penetration tests to assess your mobile applications to identify vulnerabilities before cybercriminals do.

During our mobile application security assessment, our certified mobile device security analyst will assess any kind of mobile application, covering all currently used operating systems (Android and iOS) against a wide and exhaustive list of threats such as:

  • Weak server side controls
  • Insecure data storage
  • Insufficient transport layer protection
  • Client side injection
  • Improper session handling
  • And more…

2.3 OS and Network Penetration Testing (PT)

We use both automated penetration tools and manual penetration tests to assess your operating systems and networks to identify vulnerabilities before cybercriminals do.

We use a combination of automated and manual tests to provide the best of both worlds into a single solution that includes:

  • Comprehensive target/systems reconnaissance
  • In-depth vulnerability discovery
  • Code Execution exploitation
  • Authentication weakness exploitation
  • Privilege escalation
    Reporting
  • Cleanup