What is penetration testing?

Penetration testing is a simulated cyberattack against your software systems to look for exploitable vulnerabilities. Our ‘white-hat hackers’ will try to find weaknesses in your software system and investigate how far they can exploit these vulnerabilities. Pen testing provides a snapshot of the state of security in a given software system and infrastructure under investigation. A pen test can be either a ‘black box’ test with no access to the source code or a ‘white box’ test with full access to the source code.

Typically, penetration testing is focused on reporting the so-called Common Vulnerability Scoring System (CVSS) score. Unfortunately, CVSS measures impact and does not say anything about the likelihood, and hence nothing about the risk. Our penetration testing is focused on risk rather than on an exhaustive search for all the low-hanging fruit.

Why pen testing?

Pen testing provides a great snapshot of the state of security in your software system and infrastructure. Our ethical hackers will give your development team insight into which parts of your system need improvement in order to make it, and keep it, more secure. Your organization will get a third-party expert opinion on your risks and cyber-defense capabilities. A pen test is also a great way to establish trust with your customer base by developing a reputation for maintaining a standard of excellence in cybersecurity.

How does it work?

A pen test is a time-boxed activity during which our ethical hackers will try to find as many weaknesses as possible in your software systems. Before starting the actual hacking, we will discuss the details and the scope of the pen test. In order to determine the highest-priority issues, we will also agree on the “crown jewels” of the software system under investigation.

Depending on your needs and constraints, we will run the penetration test in either black box mode (with no access to the source code) or white box / grey box mode (with access to the source code).

What do you get?

The output of our hacking efforts will be a comprehensive report that contains a list of all weaknesses found, the suggested mitigation strategy for each, and overall recommendations for improving your organization’s security posture.

We will give you the traditional CVSS v2 scores. In collaboration with you, we will create a risk profile and provide a risk score for each finding.

Our team will also provide suggestions for DevSecOps tooling that might help you with your security posture.