Our mission is to empower businesses to proactively tackle cyber threats and make the internet a safer place.

Contact Us

Need to improve your security, but don’t know where to start? Do not endanger the reputation of your company and contact us as soon as possible.
London

Kemp House, 152–160 City Road, London, England, EC1V 2NX

+420 776 851 028


Frequently Asked Questions

If you don’t see your questions about penetration testing on this page or if you want further clarification on our pentesting services, please contact us.

A penetration test, also known as a “pen test”, is a method for evaluating the effectiveness of an organization’s security controls. Testing is performed under controlled conditions, simulating scenarios representative of what a real attacker would attempt. When gaps are identified in a security control, a penetration test goes beyond basic vulnerability scanning to determine how an attacker would escalate access to sensitive information assets: confidential information, personally identifiable information (PII), financial data, intellectual property or any other sensitive information. Penetration testing uses pen test tools and techniques, guided by a disciplined and repeatable methodology, and results in a report containing detailed findings and recommendations that allow an organization to implement countermeasures and improve the security posture of the environment. These improvements ultimately reduce the likelihood that an attacker could gain access.

There are a couple of big differences between a vulnerability assessment (VA) scan and a penetration test. First, a VA scan is an automated test. A penetration test is performed by qualified individuals who actually dig into the complexities of your network and actively try to exploit any vulnerabilities they discover.

A vulnerability scan typically only identifies vulnerabilities at a high level. The scan is not intended to exploit vulnerabilities, and it produces a report indicating potential issues. A pentester digs deeper and attempts to identify the root causes of vulnerabilities; they use their brain and creativity to gain access to databases and extract sensitive data.

Pentesting can be performed from different levels of access. Referred to as “black box,” “grey box,” and “white box” testing, these penetration testing types are categorized based on the level of knowledge and access shared with the tester by the client.

Black Box Penetration Testing Service
A black box test simulates an average hacker without much knowledge of the internal system or network. It attempts to exploit vulnerabilities in the parts of the network that the public can see. As an example, a black box test might determine whether hackers could breach an eCommerce site. This is usually the fastest type of test to run.

Gray Box Penetration Testing Service
A gray box test sits between a black box and a white box test. Testers develop these simulations to understand the issues an average system user could cause if they had bad intentions or if their login credentials were stolen. For example, a gray box test might look for application vulnerabilities in an information system that employees generally use.

White Box Penetration Testing Service
Since organizations need to account for internal threats or stolen login credentials, they may choose a white box test to see whether people with strong credentials could create mischief if they were so inclined. For example, these tests might determine the issues a hacker could cause after obtaining the login information of somebody in IT or IS.

Everybody wants to keep their businesses running and maintain a good reputation with their customers. Partnering with a qualified penetration testing firm that can work from the mindset of an attacker is the best way to truly improve the security of your systems. 

There are many reasons why a business might get a pen test. Perhaps they want to protect their customers or their reputation; both are great reasons. Maybe they want to prevent downtime, damage, and humiliation in the face of a security incident. Maybe they’re releasing new software and want to make sure the changes didn’t introduce unanticipated problems. Or maybe they need to provide assurance to a third party that they are secure; this can help limit liabilities if things go wrong.

Often, periodic penetration tests are needed to comply with legal or regulatory requirements like the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA).

We urge companies to get to the point where they use penetration testing as a security best practice. It’s a great corporate habit to get into. Pen testing is the best way to check the security of your internal processes, from IT to development to product design: you can make sure that departments are communicating and doing their jobs effectively, and that the “business as usual” process is working.

Other reasons you might need a penetration test: if you’re making major changes to your networks, installing new hardware like firewalls or servers with new operating systems in critical zones, reorganizing your whole network, adding new zones, moving to a new data center, or transferring data storage to the cloud.

It’s a good idea to periodically test any system that is handling sensitive data with a penetration test. And if you’re changing the software you generate or write by adding new features, refactoring or changing code, or upgrading to new versions, it may be a good time to do an application penetration test.

To prepare for your pentest, you need to answer some important questions: what is my motivation? What do I really want to find out? What are my compliance requirements?

Do you just want to know that you’re secure for your own peace of mind? Do you want to improve and evaluate your security posture? Do you need to increase security awareness for upper management in your company? Perhaps you want to justify spending for security expenses. Do you want to identify your controls and have confidence that they are working? Perhaps you are having a lot of security incidents and you want to reduce the frequency and the impact of those incidents.

Often there are third parties that require proof that you can be trusted with their data. Other times you are complying with legal and regulatory requirements: ISO, HIPAA, PCI, etc.
