A Penetration Test is a test carried out by computer cyber security experts, also known as “Penetration Testers”, “White Hat Hackers” or “Ethical Hackers”, where a cyber-attack is simulated with the authorization of the contracting company against its networks, systems and applications.
A Penetration Test can help companies identify and mitigate vulnerabilities before hackers exploit them and cause major damage to the company. It can also help a company's security team react and respond to security incidents, test new products or technology before they are released, and comply with regulations and laws. A cyber-attack can result in the following potential damages to a company:
An internal network penetration test assesses what types of vulnerabilities a hacker with access to a
company's internal networks and systems can exploit and what information they can access. The testing
also helps a company to protect itself against attacks carried out by malicious employees, third-parties or even customers.
An internal network penetration test is very important for a company to know how much damage an attack could cause if
a cybercriminal manages to gain access to it.
An external network penetration test simulates an attack on networks, system and services that are exposed to the internet
and aims to identify and exploit vulnerabilities that may give access to these networks and systems.
An internal network penetration test helps the company identify and mitigate vulnerable services that are exposed to the internet before cyber criminals find and exploit them.
As most of the web applications are internet-facing, they are often the gateway for hackers into a company's system. Considering that many web applications store sensitive customer information, it is very important to keep them safe at all times. Web applications are also business essential for many companies as they need to be always available.
Unlike an internal and external network penetration test which refers to a network penetration test and is network-wide focused; A web application penetration test only focuses on attacking and exploiting web applications and web services.
A web application penetration test identifies and helps mitigate critical vulnerabilities that could be exploited by cyber criminals, providing your organization, whether it is an online commerce, financial institution, hospital, or others a crucial protection against cyber threats.
Our web application penetration test will assess web applications based on the Open Web Application Security Project (OWASP) testing methodology and following the same techniques used by hackers in real attack situations to establish whether, and to what extent vulnerabilities can be exploited.
Our web application penetration tests are mostly done manually without the help of automated vulnerability scanners, this allows our experts to discover vulnerabilities that are not normally detected by these scanners and prevent the test from affecting the normal functionality or availability of the web application.
In recent years there has been a significant increase in the use of mobile devices such as smartphones. As these devices grow, so do threats. Cyber criminals are increasingly specializing in the practice of scams against mobile applications and smartphone users. Mobile applications often interact with everything from the mobile device or tablet, network infrastructure, servers, and data centers. This gives rise to a very complex attack surface. Cyber criminals can exploit vulnerabilities in the applications and gain access to the company's network.
Mobile application penetration tests help companies and developers find vulnerabilities and misconfigurations in mobile applications. That way, once vulnerabilities are identified, developers will be able to make patches and change the design of the application to address any issues at hand.
At the end of the penetration test, a detailed PDF report with all the vulnerabilities found, the step-by-step explanation of each vulnerability and instructions on how to mitigate them will be delivered to the customer. These vulnerabilities are classified according to the risk they offer, being Critical, High Risk, Medium Risk, Low Risk and Informational. If a critical rated vulnerability is found, our experts will notify the customer immediately so they can mitigate it as quickly as possible.