We can perform penetration tests on web and mobile applications, client-server applications using web technologies, as well as APIs. We use the OWASP Top 10, CIS & NIST checklists as a lifeline when looking for vulnerabilities; we can also look for specific ones defined in the scope of an assessment. The findings are prioritized using the OWASP risk rating methodology, based on their impact for you, their exploitability and their likelihood.
We can perform network penetration tests mimicking attackers (from inside or outside your perimeter) trying to access select assets on your network.
These tests are great at demonstrating the feasibility of compromising an asset.
The findings are prioritized using the OWASP risk rating methodology, based on their impact for your organization, their exploitability, and the likelihood or complexity of their execution.
We enumerate your systems in the IP ranges included within the scope to identify potential ways in. Rogue identification can be performed at this stage (if a list of assets is provided).
Using OSINT and the results of our reconnaissance (services running, patch level, etc.), we try to identify a firm way to get a foothold in one of your systems or applications.
Before reporting a vulnerability or a finding, we always check that it is indeed exploitable, because vulnerabilities are sometimes present but mitigated by other controls.
With your approval, we will execute the exploitation step under certain circumstances (red team assessments are generally executed in production). We can also simulate the exploitation to demonstrate how it would impact production systems.
Using a combination of manual and automated testing, we attempt to discover common misconfigurations and incorrect implementations of the most common cloud services (AWS, Azure, Google).
This service can be performed in black/grey/whitebox mode. However, for maximum efficiency, we would recommend performing a full cloud services configuration review, which will find the above-mentioned issues faster and will also help find other things a blackbox test might have missed.
Whatever your challenge is, we can help you. Do not hesitate to drop us a line!
Or use the form on the right, and we will reply as soon as possible!