Services

As an ethical hacker, I conduct penetration tests to see if your sensitive data and important systems are properly secured.

What is a penetration test?

When you have a penetration test performed, you allow legal hackers to break into your IT environment. The advantage is that this way you get a good insight into the vulnerabilities of the system and are ahead of cybercriminals. Vulnerabilities in the application can be fixed early, making the organization safer and minimizing risks.

Penetration testing involves looking at various IT systems and applications. For example, I perform pen tests on both web applications, mobile applications and your organization's infrastructure. This ensures early detection of weaknesses and openings and prevention of effective cyber attacks.

Exactly what will be tested we discuss in advance so that you get the results you expect and the most essential parts are as secure as possible.

Types of penetration tests

Black Box testing: With minimal prior knowledge, your application or infrastructure will be tested for vulnerabilities. In this type of test, I have no access to the source code, no account for the web application and my access is limited.
Grey Box testing: In these tests, I will have partial access to your applications. The privileges may still be limited but I will have login codes, for example, to search for vulnerabilities on the web application itself.
White Box testing: I get access to many aspects of the scope discussed. For example, insight into the source code, access to the web application with login credentials for users with different privileges.

  • 1
    Discussion

    I will first conduct an intake meeting with you. Based on that, we can determine the scope of the pen test. What is the purpose of the investigation? What testing method I will use? What budget is available? And how long will the pen test take? Once this is established, the Pentest can begin.

  • 2
    Investigations

    In the first phase of the pen test, I will map your application/infrastructure and gather information using a number of scans. I will also look for low hanging fruit during this phase.

  • 3
    Hacking

    After the initial investigation, I will do manual hacking. I will try to find vulnerabilities from the OWASP top 10 and, using the data from the previous phase, I will try to find access paths to penetrate the system or to gain access to sensitive data.

  • 4
    Report

    During phase 2 and 3 I will report all interesting findings and through the CVSSv3 model I will determine how serious the vulnerabilities are. This will result in a clear report with a recommendation on how to better secure your organization.

Request a quote

Would you like to know the options and costs?
Get in touch and request a free quote.