Penetration testing
In-Depth Testing Needed?
Our penetration testing service goes beyond automated scanning by simulating real-world attack techniques against your website or application. Our ethical hackers identify complex vulnerabilities that automated tools alone may miss, helping you reduce the risk of cyber attacks, protect sensitive data, and strengthen the security of your systems. You'll receive a clear understanding of your security risks, along with practical recommendations to address them.
Whether you opt for blackbox testing (no internal system knowledge), greybox testing (partial system knowledge), or whitebox testing (full internal insights), each method serves a specific purpose. Together, we define the objectives and scope of the test in advance, ensuring the assessment aligns with your business needs and security goals.
Why Choose Forus-P?
Combining automated testing with expert manual analysis and human insight, our team of Certified Ethical Hackers uncover real-world security risks and provide you with practical recommendations to strengthen your applications. Our approach follows recognised methodologies, including PTES and OWASP-based testing practices.
Our lead penetration tester is a European-recognised engineer (EUR ING) with decades of hands-on experience in application security, red teaming, and penetration testing. His expertise and extensive background ensure that every assessment is delivered to the highest professional standard.
-
Advanced Offensive Security Expertise
Certified in OSCP and ODPC, with extensive experience in ethical hacking, offensive development, defence evasion, malware analysis, and reverse engineering.
-
Academic & Defence Background
European Engineer (EUR ING), Registered IT Professional (RI), CISSP, and CCSK certified. Holds an M.Sc. in Cyber Security with experience as a Military IT Specialist with the Dutch Ministry of Defence, and CPTE certification.
Pentest Options
Choosing the right penetration testing approach depends on how much visibility and context you want to provide to the testing team. Each method offers a different level of access and insight, which influences how deeply systems can be evaluated and what types of vulnerabilities can be uncovered.
Compare blackbox, greybox, and whitebox testing below to quickly understand the differences. We can always help you decide which approach best fits your environment and security goals.
Greybox 3 | Greybox 5 (popular) | Greybox 7 | |||
| Test duration | 1 day | 3 days | 5 days | 7 days | 5 days |
| Total duration start to report | 3 days | 7 days | 14 days | 16 days | 14 days |
| Leaking of technical information | |||||
| Application management | |||||
| Connection safety | |||||
| Use of standard accounts | |||||
| Password policy | |||||
| Authentication requirements | |||||
| Sequencing | |||||
| Horizontal escalation | |||||
| Vertical escalation | |||||
| Session management | |||||
| CSRF | |||||
| Cookies | |||||
| Input validation | |||||
| Output validation | |||||
| API security | |||||
| Monthly vulnerability scans | 50% discount | Details | Details | Details | Details | Details |
Our one-day blackbox pentest has a total duration of 3 days from start to report and includes the following checks:
- Leaking of technical information
- Connection safety
- Use of standard accounts
- Password policy
Our 3-day greybox pentest has a total duration of 7 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- CSRF
- Cookies
- Input validation
- Output validation
Our 5-day greybox pentest has a total duration of 14 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
- 50% discount on monthly vulnerability scans
Our 7-day greybox pentest has a total duration of 16 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
- API security
Our 5-day whitebox pentest has a total duration of 14 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
|
|
|||
|---|---|---|---|
|
Goal
|
Mimic true cyber attack
|
Assess vulnerability to insider’s threats
|
|
|
Access
|
Zero access of internal information
|
Account and some internal info available
|
Complete open access to applications and systems |
|
Test
|
Trial and error method only
|
Data domain and internal boundaries can be tested, if known |
Data domain and internal boundaries can be tested more thoroughly |
|
Time
|
Least time consuming
|
Good balance of time and depth of testing
|
Most exhaustive and time consuming
|
Greybox 3 | Greybox 5 (popular) | Greybox 7 | |||
| Test duration | 1 day | 3 days | 5 days | 7 days | 5 days |
| Total duration start to report | 3 days | 7 days | 14 days | 16 days | 14 days |
| Leaking of technical information | |||||
| Application management | |||||
| Connection safety | |||||
| Use of standard accounts | |||||
| Password policy | |||||
| Authentication requirements | |||||
| Sequencing | |||||
| Horizontal escalation | |||||
| Vertical escalation | |||||
| Session management | |||||
| CSRF | |||||
| Cookies | |||||
| Input validation | |||||
| Output validation | |||||
| API security | |||||
| Monthly vulnerability scans | 50% discount | Details | Details | Details | Details | Details |
Our one-day blackbox pentest has a total duration of 3 days from start to report and includes the following checks:
- Leaking of technical information
- Connection safety
- Use of standard accounts
- Password policy
Our 3-day greybox pentest has a total duration of 7 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- CSRF
- Cookies
- Input validation
- Output validation
Our 5-day greybox pentest has a total duration of 14 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
- 50% discount on monthly vulnerability scans
Our 7-day greybox pentest has a total duration of 16 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
- API security
Our 5-day whitebox pentest has a total duration of 14 days from start to report and includes the following checks:
- Leaking of technical information
- Application management
- Connection safety
- Use of standard accounts
- Password policy
- Authentication requirements
- Sequencing
- Horizontal escalation
- Vertical escalation
- Session management
- CSRF
- Cookies
- Input validation
- Output validation
|
|
|||
|---|---|---|---|
|
Goal
|
Mimic true cyber attack
|
Assess vulnerability to insider’s threats
|
|
|
Access
|
Zero access of internal information
|
Account and some internal info available
|
Complete open access to applications and systems |
|
Test
|
Trial and error method only
|
Data domain and internal boundaries can be tested, if known |
Data domain and internal boundaries can be tested more thoroughly |
|
Time
|
Least time consuming
|
Good balance of time and depth of testing
|
Most exhaustive and time consuming
|
Our Testing Process
With a structured approach, we deliver consistent, thorough, and reliable penetration tests.
1. Network scan
The use of automated tools to scan the target network for open ports, services, and potential vulnerabilities in network devices.
2. Application Scan
Search for common weaknesses including the OWASP Top 10 vulnerabilities, such as SQL Injections and Cross-Site Scripting (XSS).
3. Patch Levels
Review of software patches and updates to confirm the application is protected with the latest security fixes.
4. Identification
Cataloguing vulnerabilities in the application, including software and configuration weaknesses.
5. Prioritisation
Assigning risk levels to identified vulnerabilities based on potential impact and likelihood of exploitation.
6. Custom report
Detailed report with identified vulnerabilities, their risk levels, and recommendations for remediation.
GET IN TOUCH
Leave your details or schedule a time to speak with us online. We’ll be happy to answer your questions and discuss how our penetration testing services can support your organisation.
We handle your personal data with care and use it only for the purpose for which it was provided. Please read our privacy statement for more information.
* Required