A pen test trial for IT infrastructure and web applications.
- Its goal is to simulate a possible attack and determine how deep an attacker can penetrate the system, and how much damage can be caused to a business.
- Through this, we can identify existing vulnerabilities and assess the current information security risks.
- We test two scenarios: external penetration (when access rights to the application are not available) and internal actions by company employees who have access rights.
Five stages of penetration testing
Testing is based on the OWASP Web Security Testing Guide and Penetration Testing Execution Standard and includes five main stages.
- 1. Infrastructure research: Collecting and analyzing as much information as possible about the potential target of an attacker.
- 2. Threat modeling: Simulating potential threats based on collected and structured data about the infrastructure and services.
- 3. Vulnerability analysis: Detecting flaws in systems and applications: possible entry points, attack vectors, tools and methods for hacking.
- 4. Operation: An attempt to gain access to a system or web resource by bypassing security restrictions.
- 5. Post-operation: Determining the value of a compromised computer for the business and retaining control over it for future use.
What the pen test results report includes
How we describe detected vulnerabilities
CVSS evaluation
Attack replay scenarios
Possible consequences of attacks
Recommendations on how to fix vulnerabilities