Skip to content

Penetration testing

We provide Penetration testing


The idea of such works consists in sanctioned attempts to bypass the existing complex of information system protection measures. In the course of testing, the auditor performs the role of an intruder motivated to breach the information security of the customer's network.
Up to 20% of critical vulnerabilities are detected at the stage of information gathering - with minimal impact (reduced risk of attack detection) on the objects under test. Combined penetration test including social engineering is the most effective - up to 70% users of the attacked system are susceptible to social and technical attacks.


Ask the expert

Get free advice on penetration testing

Or call us by phone: (044) 332 01 17


5 steps to successful Pentest

Intelligence

Collection of preliminary information. For example, about the structure and components of a corporate network (network addressing, network components, security tools used). The collection is carried out from available sources, including the Internet.

Service discovery

Determination of types and versions of devices, OS, network services and applications by reaction to external influences (i.e., by reaction to various requests).

Vulnerability Detection

Identification of vulnerabilities at the network level and application level (automated and manual methods).

Attack

Simulation of attacks at the network level and at the application level.

Preparation of recommendations

Preparation of a report and recommendations on the results of work.

Scenarios we are use


An Internet attacker who is not authorized to access information systems and has only publicly available information about the information systems, methods used and means of protection.
An attacker with network access to internal network (in one of the network segments), who has no right to access information systems and has only publicly available information about the information systems, methods used and security tools.
An attacker is operating from the internal network, who has logical rights in the information systems, possibly local administrator privileges and a superficial (possibly detailed) information about the network structure, methods used and security tools.

Who needs penetration testing


Pentest for PCI DSS

External and internal penetration testing is required to successfully pass a certification audit for compliance with the PCI DSS standard.

Pentest for Information Security Directors

External and internal penetration testing is required to successfully pass a certification audit for compliance with the PCI DSS standard.

Our approach to conducting penetration tests will allow you not only to prepare for the audit, but also to obtain useful information about the real state of affairs in the field of protecting your information resources. ur work includes not only systems within the scope of the PCI DSS standard, but also related information systems.

Pentest during Risk Analysis

In many organizations, penetration testing is a mandatory step in conducting a risk analysis. This is especially true when entering into operation of new systems or after a change in infrastructure, when it is possible to miss the moment of change of information security risks.

Penetration testing will allow assessing the changing risks and monitoring the implementation of information security processes.

Ask us about Penetration Testing

Ask a question