Penetration tests

Concise system and application reviews utilizing common and advanced techniques of highly trained attackers

Penetration tests are simulated attacks against the most valuable assets within your organization’s information infrastructure. Possible targets include but are not limited to web application services such as corporate web interfaces or VPN/remote access servers. While our attacks are real, your damages are not. The objective of our penetration tests is threefold: identify existing vulnerabilities within your technical infrastructure, expose the potential damage to your organization if exploited by malicious attackers, and provide solid groundwork for further risk analysis as well as any adjustments to your organization’s future risk management strategy.

With high-quality penetration tests being the primary service of our company, we are a reliable partner in leading your organization to obtain a clearer picture of how secure or insecure your information targets are, even though other people may tell you differently. We do this by harnessing our experience in identifying and exploiting vulnerabilities with custom-made tools. If the target requires it, we will go the extra mile to, for example, create an exploit that connects multiple vulnerabilities to demonstrate the full extent of their impact on your organization’s business.

While we are versatile regarding the type of your test targets, we do have a long experience in analyzing the following technologies:

  • Web applications and web services, written in different languages and frameworks, such as PHP, ASP.NET, Java (JSP and JSF), JavaScript, and others
  • Mobile applications for the iOS and Android platforms as well as their respective server backends
  • Fat clients and native desktop applications
  • Internal and external networks of all sizes

All our penetration tests include a full report that gives you a high-level overview, estimated risk ratings as well as a detailed description of each finding. If feasible, we also provide detailed recommendations on how to mitigate the vulnerabilities found.