Our Pentests and Associated Services

External infrastructure security test

This test simulates an attack on an IT infrastructure accessible from the Internet. The objective of such a test is to identify vulnerabilities in the security measures implemented at the network and operating system level of systems connected to the Internet.

Internal infrastructure security test

This test simulates an attack on the company's local network systems and the sensitive data stored in there. This is a simulated attack by someone who has previously accessed the internal network and is familiar with it. The test focuses on the structured identification of vulnerabilities in a large set of internal systems.

Web application security test (black box)

A black box web security test simulates an attack from the perspective of an unauthorized user. This test analyzes the application for very common vulnerabilities, such as SQL injection, Cross-site Scripting (XSS), user input validation and vulnerable management interfaces.

Web application security test (gray box)

A gray box web security test simulates an attack from the perspective of both an authorized and unauthorized user.

The same tests as in a black box security test are applied. In addition, other tests involve the use of specifically provided accounts, with the objective of focusing on vulnerabilities regarding application logic, such as checking for unauthorized access to information (via other users).

Mobile application security test (gray box)

This test targets the security of mobile applications on smartphones and tablets, concerning the communication between the (mobile) application on smartphone / tablet and the environment’s back-end. For this purpose, we will do a specific application security test for the back-end and a source code security test for the mobile application.

Hacking as a Service (HaaS)

Instead of performing a single security test that gives an idea of an environment’s security state at a specific point in time, the Hacking comm Service (HcS) proposition is a subscription. We will periodically test all components for which a subscription has been taken out. At each period (monthly / quarterly / semi-annually), we will analyze the environmental security situation at that specific time. Between each test, we clearly compare the results of the tests carried out previously with the latest ones.

Wi-Fi security test

A Wi-Fi security test simulates an attack on a wireless network. We will enter one or more sites with a specially prepared laptop to identify vulnerabilities in the Wi-Fi technology in place, at several strategic points if necessary.

Password complexity testing

This test will assess the strength of important passwords that end users may have chosen. To perform this test, we are working closely with the customer to obtain an extract of the password hashes of the selected users. We then try to “crack” these hashes, thus giving an overview of the chosen passwords and the associated statistics (for example, how many passwords can be guessed in a defined time).

What you get ?

1) A report : in PDF format in less than 3 days after test completion. The report includes actionable and valuable information for you to understand, reproduce and fix the vulnerabilities. You get a report on our findings, as well as recommandations, advices and remediation to solve your issues. The report is comprehensive, detailed and valuable. You get get a security diagnosis of your website & web apps with vulnerability details and remediation advices to improve it drastically.

2) A Re-test (6 months after): The packages have one re-test included in this price. Re-testing means punctual re-verification of all the findings mentioned in our initial report (re-testing is not a full pentest). The result of a re-test will be an email with the status of each finding (Fixed / Not fixed) and a short explanation for each one.