PenTest : Penetration Testing Service and Associated services
Our Pentests and Associated Services
External infrastructure security test
This test simulates an attack on an IT infrastructure accessible from the Internet. The objective of such a test is to identify vulnerabilities in the security measures implemented at the network and operating system level of systems connected to the Internet.
Internal infrastructure security test
This test simulates an attack on the company's local network systems and the sensitive data stored there. This is a simulated attack by someone who has previously accessed the internal network and is familiar with it. The test focuses on the structured identification of vulnerabilities in a large set of internal systems.
Web application security test (black box)
A black box web security test simulates an attack from the perspective of an unauthorized user. This test analyzes the application for very common vulnerabilities, such as SQL injection, Cross-Site Scripting (XSS), flaws in user input validation and vulnerable management interfaces.
Web application security test (gray box)
A gray box web security test simulates an attack from the perspective of both an authorized and unauthorized user.
The same tests as in a black box security test are applied. In addition, other tests involve the use of specifically provided accounts, with the objective of focusing on vulnerabilities regarding application logic, such as checking for unauthorized access to information (via other users).
Mobile application security test (gray box)
This test targets the security of mobile applications on smartphones and tablets, in particular the communication between the mobile application on the smartphone or tablet and the environment's back-end. For this purpose, we perform a specific application security test for the back-end and a source code security test for the mobile application.
Hacking as a Service (HaaS)
Instead of performing a single security test that gives an idea of an environment's security state at a specific point in time, the Hacking as a Service (HaaS) proposition is a subscription. We will periodically test all components for which a subscription has been taken out. At each period (monthly / quarterly / semi-annually), we will analyze the environment's security situation at that specific time. Between each test, we clearly compare the results of the tests carried out previously with the latest ones.
Wi-Fi security test
A Wi-Fi security test simulates an attack on a wireless network. We will enter one or more sites with a specially prepared laptop to identify vulnerabilities in the Wi-Fi technology in place, at several strategic points if necessary.
Password complexity testing
This test will assess the strength of important passwords that end users may have chosen. To perform this test, we work closely with the customer to obtain an extract of the password hashes of the selected users. We then try to "crack" these hashes, thus giving an overview of the chosen passwords and the associated statistics (for example, how many passwords can be guessed in a defined time).
What do you get?
1) A report: in PDF format in less than 3 days after test completion. The report includes actionable and valuable information for you to understand, reproduce and fix the vulnerabilities. You get a report on our findings, as well as recommendations, advice and remediation to solve your issues. The report is comprehensive, detailed and valuable. You get a security diagnosis of your website and web apps with vulnerability details and remediation advice to improve it drastically.
2) A re-test (6 months after): The packages have one re-test included in the price. Re-testing means a one-off re-verification of all the findings mentioned in our initial report (re-testing is not a full pentest). The result of a re-test will be an email with the status of each finding (Fixed / Not fixed) and a short explanation for each one.
Re-test reports in PDF can be generated on request. The re-test report may either contain all findings with their updated status (Fixed / Not fixed), or it may contain only the remaining (Not fixed) findings.
3) Our comprehensive services: Network Penetration Testing, Web Application Penetration Testing, API Penetration Testing, Mobile Application Penetration Testing
We combine our expertise with well-known methodologies such as the OWASP Testing Guide and the Penetration Testing Execution Standard. Depending on the complexity and the time available, we also try to demonstrate the vulnerabilities by providing small proofs of concept.
Can you use our service against your client's system?
Yes, of course. You can test your clients' systems as long as you have authorization from them to do that. This is mostly applicable to consultancy companies that want to use our services as a white-label solution. On request, we can also provide white-labeled reports with your branding.
What do we need from you?
It is mandatory that you have clear authorization from the owner of the target system to have a penetration test performed against it. Sometimes the system is on shared web hosting (or is a managed service); in that case you must also notify the provider of the service and have its permission. We can also help you with that. Lastly, it is recommended to have a backup of the target system.
Once payment is complete, please email the following to email@example.com:
- The URL(s) of the target(s)
- A short description of the target application(s)
- A Letter of Authorization or representation in case the website is not yours.
- Your name and company name
- For Network Penetration Testing: How many IP addresses are in scope
- For API Penetration Testing: How many endpoints and API functions are in scope? Also, please mention if Black-Box or Grey-Box is required
- If applicable: Do you have any specific requirements for this engagement?
- The type of services required
- For Web Applications: Please mention if it's Black-Box or Grey-Box and, if Grey-Box, how many user roles you need to be tested. We usually recommend taking into account both a regular user and an admin role (for cross-user and privilege escalation testing)
Considering these elements, if our expert considers that your request is more complex and warrants a higher price, we will submit a specific invoice.
If you refuse the new invoice, you will be fully refunded. If you have any questions, please contact us directly at firstname.lastname@example.org
Price per day is 1500£