Cyber security (penetration) tests

The purpose of a cyber security (penetration) test is to evaluate the security of systems by simulating attacks.

Special types of penetration testing are also part of the PCI DSS compliance assessment process. Unlike an automated vulnerability scan, a cyber security (penetration) test is performed by a person who interacts with the target systems, evaluates their responses and adjusts further actions accordingly. A penetration test covers not only networks but custom applications as well, a target that is notoriously difficult to test via automated means.

Full-scope cyber security testing options: external, web application and internal penetration tests, network segmentation tests, firewall reviews and tests, wireless technology penetration tests, social engineering projects, mobile application tests, source code reviews.

How we do it

1. Planning and scoping

This defines the scope of the test and technical requirements, such as remote access methods, access credentials, API documentation, emergency contacts and scheduled test date.

2. Manual testing

The actual cyber security (penetration) testing (internal and external) is performed on the agreed scope of the project. The methods, tools and flow of the test depend directly on the engagement type, scope and specific ICT infrastructure.

3. Segmentation tests

Additional testing of segmentation measures is undertaken to check whether network segmentation can be bypassed.

4. Reporting

A proprietary penetration test report is prepared and issued. The main point of the report is to register identified issues, rank them by level of criticality and suggest mitigation actions and measures.

5. Retest of critical findings

This is performed if critical issues (exploitable vulnerabilities) are identified, after the client has fixed them. Most of the time, critical issues are access to sensitive data or remote code execution type vulnerabilities. The goal of this stage is to verify that the critical issues have been mitigated.


Trusted by


98 %: Client retention rate

100 %: Clients pass the audit on the first attempt

>75 %: Long-term clients for more than seven years
