Pentesting
In-Depth Testing Needed?
Our penetration test service offers a comprehensive assessment and evaluation of network security, (web) application vulnerabilities, and other points of exploitation. Our ethical hackers manually test your web application using real-world attacker techniques to uncover vulnerabilities that automated scans might miss.
Whether you opt for blackbox testing (no internal system knowledge), greybox testing (partial system knowledge), or whitebox testing (full internal insights), each method serves a specific purpose. Together, we determine your goals and the scope of the test upfront to align with your security objectives.
Our Work Method
From preparation to results, our ethical hackers use expert insight and human logic to identify and prioritise any vulnerabilities found in your application.
1. Network scan
The use of automated tools to scan the target network for open ports, services, and potential vulnerabilities in network devices.
2. Application Scan
Search for common weaknesses including the OWASP Top 10 vulnerabilities, such as SQL Injections and Cross-Site Scripting (XSS).
3. Patch Levels
Review of software patches and updates to confirm the application is protected with the latest security fixes.
4. Identification
Cataloguing known vulnerabilities in the application, including software and configuration weaknesses.
5. Prioritisation
Assigning risk levels to identified vulnerabilities based on potential impact and likelihood of exploitation.
6. Custom report
Detailed report with identified vulnerabilities, their risk levels, and recommendations for remediation.
| | Blackbox | Greybox 3 | Greybox 5 (popular) | Greybox 7 | Whitebox |
|---|---|---|---|---|---|
| Test duration | 1 day | 3 days | 5 days | 7 days | 5 days |
| Total duration start to report | 3 days | 7 days | 14 days | 16 days | 14 days |
| Leaking of technical information | ✓ | ✓ | ✓ | ✓ | ✓ |
| Application management | - | ✓ | ✓ | ✓ | ✓ |
| Connection safety | ✓ | ✓ | ✓ | ✓ | ✓ |
| Use of standard accounts | ✓ | ✓ | ✓ | ✓ | ✓ |
| Password policy | ✓ | ✓ | ✓ | ✓ | ✓ |
| Authentication requirements | - | ✓ | ✓ | ✓ | ✓ |
| Sequencing | - | - | ✓ | ✓ | ✓ |
| Horizontal escalation | - | - | ✓ | ✓ | ✓ |
| Vertical escalation | - | - | ✓ | ✓ | ✓ |
| Session management | - | - | ✓ | ✓ | ✓ |
| CSRF | - | ✓ | ✓ | ✓ | ✓ |
| Cookies | - | ✓ | ✓ | ✓ | ✓ |
| Input validation | - | ✓ | ✓ | ✓ | ✓ |
| Output validation | - | ✓ | ✓ | ✓ | ✓ |
| API security | - | - | - | ✓ | - |
Our one-day blackbox pentest has a total duration of 3 days from start to report and includes the following checks:
- Leaking of technical information
- Connection safety
- Use of standard accounts
- Password policy
Our 3-day greybox pentest has a total duration of 7 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- CSRF
- Cookies
- Input validation
- Output validation
Our 5-day greybox pentest has a total duration of 14 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
Our 7-day greybox pentest has a total duration of 16 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
- API security
Our 5-day whitebox pentest has a total duration of 14 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
| | Blackbox | Greybox | Whitebox |
|---|---|---|---|
| Goal | Mimic true cyber attack | Assess vulnerability to insider threats | Simulate attack where hacker gains access to privileged account |
| Access | Zero access of internal information | Account and some internal info available | Complete open access to applications and systems |
| Test | Trial and error method only | Data domain and internal boundaries can be tested, if known | Data domain and internal boundaries can be tested more thoroughly |
| Time | Least time consuming | Good balance of time and depth of testing | Most exhaustive and time consuming |
QUESTIONS?
Share your details or book a time to chat online, and we’ll be happy to discuss how our pentest can support your organisation.