In-Depth Testing Needed?

Our penetration testing service goes beyond automated scanning by simulating real-world attack techniques against your website or application. Our ethical hackers identify complex vulnerabilities that automated tools alone may miss, helping you reduce the risk of cyber attacks, protect sensitive data, and strengthen the security of your systems. You'll receive a clear understanding of your security risks, along with practical recommendations to address them.

Whether you opt for blackbox testing (no internal system knowledge), greybox testing (partial system knowledge), or whitebox testing (full internal insights), each method serves a specific purpose. Together, we define the objectives and scope of the test in advance, ensuring the assessment aligns with your business needs and security goals.

Why Choose Forus-P?

Combining automated testing with expert manual analysis and human insight, our team of Certified Ethical Hackers uncover real-world security risks and provide you with practical recommendations to strengthen your applications. Our approach follows recognised methodologies, including PTES and OWASP-based testing practices.

Our lead penetration tester is a European-recognised engineer (EUR ING) with decades of hands-on experience in application security, red teaming, and penetration testing. His expertise and extensive background ensure that every assessment is delivered to the highest professional standard.

  • Advanced Offensive Security Expertise

    Certified in OSCP and ODPC, with extensive experience in ethical hacking, offensive development, defence evasion, malware analysis, and reverse engineering.

  • Academic & Defence Background

    European Engineer (EUR ING), Registered IT Professional (RI), CISSP, and CCSK certified. Holds an M.Sc. in Cyber Security with experience as a Military IT Specialist with the Dutch Ministry of Defence, and CPTE certification.

Choosing the right approach

Pentest Options

Choosing the right penetration testing approach depends on how much visibility and context you want to provide to the testing team. Each method offers a different level of access and insight, which influences how deeply systems can be evaluated and what types of vulnerabilities can be uncovered.

Compare blackbox, greybox, and whitebox testing below to quickly understand the differences. We can always help you decide which approach best fits your environment and security goals.

Our one-day blackbox pentest has a total duration of 3 days from start to report and includes the following checks:

  • Leaking of technical information
  • Connection safety
  • Use of standard accounts
  • Password policy

Our 3-day greybox pentest has a total duration of 7 days from start to report and includes the following checks:

  • Leaking of technical information
  • Application management
  • Connection safety
  • Use of standard accounts
  • Password policy
  • Authentication requirements
  • CSRF
  • Cookies
  • Input validation
  • Output validation

Our 5-day greybox pentest has a total duration of 14 days from start to report and includes the following checks:

  • Leaking of technical information
  • Application management
  • Connection safety
  • Use of standard accounts
  • Password policy
  • Authentication requirements
  • Sequencing
  • Horizontal escalation
  • Vertical escalation
  • Session management
  • CSRF
  • Cookies
  • Input validation
  • Output validation
  • 50% discount on monthly vulnerability scans

Our 7-day greybox pentest has a total duration of 16 days from start to report and includes the following checks:

  • Leaking of technical information
  • Application management
  • Connection safety
  • Use of standard accounts
  • Password policy
  • Authentication requirements
  • Sequencing
  • Horizontal escalation
  • Vertical escalation
  • Session management
  • CSRF
  • Cookies
  • Input validation
  • Output validation
  • API security

Our 5-day whitebox pentest has a total duration of 14 days from start to report and includes the following checks:

  • Leaking of technical information
  • Application management
  • Connection safety
  • Use of standard accounts
  • Password policy
  • Authentication requirements
  • Sequencing
  • Horizontal escalation
  • Vertical escalation
  • Session management
  • CSRF
  • Cookies
  • Input validation
  • Output validation

Goal
Mimic true cyber attack
Assess vulnerability to insider’s threats
Simulate attack where hacker
gains access to priviliged account
Access
Zero access of internal information
Account and some internal info available
Complete open access to
applications and systems
Test
Trial and error method only
Data domain and internal boundaries
can be tested, if known
Data domain and internal boundaries
can be tested more thoroughly
Time
Least time consuming
Good balance of time and depth of testing
Most exhaustive and time consuming

Our Testing Process

With a structured approach, we deliver consistent, thorough, and reliable penetration tests.

1. Network scan

The use of automated tools to scan the target network for open ports, services, and potential vulnerabilities in network devices.

2. Application Scan

Search for common weaknesses including the OWASP Top 10 vulnerabilities, such as SQL Injections and Cross-Site Scripting (XSS).

3. Patch Levels

Review of software patches and updates to confirm the application is protected with the latest security fixes.

4. Identification

Cataloguing vulnerabilities in the application, including software and configuration weaknesses.

5. Prioritisation

Assigning risk levels to identified vulnerabilities based on potential impact and likelihood of exploitation.

6. Custom report

Detailed report with identified vulnerabilities, their risk levels, and recommendations for remediation.

GET IN TOUCH

Leave your details or schedule a time to speak with us online. We’ll be happy to answer your questions and discuss how our penetration testing services can support your organisation.

We handle your personal data with care and use it only for the purpose for which it was provided. Please read our privacy statement for more information.

* Required