Ethical hacking services
Vulnerability scanning and penetration testing
Our ethical hacking services help you uncover vulnerabilities in your systems by simulating a real attack.
In ethical hacking, our experts apply the offensive tools and techniques used by attackers to detect the vulnerabilities that would be exploited in a real attack.
Our ethical hacking services take two forms: vulnerability scanning and penetration testing.
What is the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is done with automated tools and focuses on known vulnerabilities without exploiting them. These vulnerabilities typically result from development and configuration flaws, or from vendor software bugs that have already been publicly disclosed. Vulnerability scanning is a good way to get a general picture of the security state of an application or website, and is particularly recommended where a quick, easily repeatable procedure is needed. Because the scanner does not exploit what it finds, its results can include false positives and should be validated before they are acted on.
External (Internet-facing) vulnerability scanning
We perform external vulnerability scanning: automated testing carried out from the Internet to detect known vulnerabilities. The scan includes network enumeration, mapping of component versions, lookup of known vulnerabilities affecting those versions, active and passive scanning of the web application, and information disclosure checks.
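The passive part of such a scan can be illustrated offline. The following is an added example, not the company's own tooling: it takes a captured HTTP response and reports version disclosure in response headers, missing browser hardening headers, and session cookies without the Secure/HttpOnly flags. Both sample responses are constructed for the example and do not come from any real host; the header list and wording of the findings are this example's own choices.

```python
"""Passive checks over a captured HTTP response: version disclosure, missing
hardening headers and weak cookie flags. Nothing here sends any traffic."""
import re

# Hardening headers whose absence a passive scan reports (example's own list).
EXPECTED_HEADERS = {
    "strict-transport-security": "no HSTS: first visit can be downgraded to plain HTTP",
    "content-security-policy": "no CSP: no browser-side mitigation against injected scripts",
    "x-content-type-options": "no X-Content-Type-Options: nosniff, MIME sniffing allowed",
    "x-frame-options": "no X-Frame-Options and no CSP frame-ancestors: clickjacking possible",
}
# Headers that commonly leak a product version (e.g. "Apache/2.4.29").
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+\.\d+")


def parse_response(raw: str):
    """Return (status_line, headers, body). Header names are lower-cased and
    repeated headers such as Set-Cookie are kept as lists."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    status_line, _, header_block = head.partition("\n")
    headers = {}
    for line in header_block.split("\n"):
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_line, headers, body


def passive_findings(raw: str):
    """List of (category, detail) tuples for one response."""
    _, headers, _ = parse_response(raw)
    findings = []

    # Version disclosure: a version number in a product header.
    for name in VERSION_HEADERS:
        for value in headers.get(name, []):
            if VERSION_RE.search(value):
                findings.append(("version-disclosure", f"{name}: {value}"))

    # Missing hardening headers; CSP frame-ancestors supersedes X-Frame-Options.
    csp = " ".join(headers.get("content-security-policy", []))
    for name, detail in EXPECTED_HEADERS.items():
        if name in headers:
            continue
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        findings.append(("missing-header", detail))

    # Cookies set without Secure / HttpOnly.
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append(("cookie-flags", f"{name} lacks {', '.join(missing)}"))
    return findings


# Constructed sample responses (not captured from any real host).
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: session=xyz; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"== {label}")
        for category, detail in passive_findings(raw):
            print(f"  [{category}] {detail}")
```

The leaky response yields seven findings (two version disclosures, four missing headers, one cookie without flags); the hardened one yields none, because its CSP `frame-ancestors` directive is accepted in place of `X-Frame-Options`. The version string found here is exactly what the "component version mapping" step feeds into a known-vulnerability lookup.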
Penetration testing combines automated tools with a range of manual techniques: an ethical hacker, mimicking a real attacker, attempts to exploit the vulnerabilities identified, validating them and determining the extent and impact of the potential damage. Each finding is rated using the Common Vulnerability Scoring System (CVSS), standardised by FIRST (Forum of Incident Response and Security Teams), so that vulnerabilities are scored in a uniform way. The score is based on how exploitable the vulnerability is and on its impact on the confidentiality, integrity and availability of the data concerned.
Typically, the ultimate goal of a penetration test is to obtain the highest possible privilege level on the target system. This offensive approach shows concretely what an attacker could accomplish in the given environment, from reading mail and obtaining corporate passwords to accessing confidential business data.
During penetration testing, we test our clients’ systems against a strict set of predefined rules and an internationally recognised methodology. Our goal is to help our partners understand the risks associated with their systems and make recommendations to make them more secure.
Our penetration testing services
- Penetration testing of external (Internet-facing) infrastructure: offensive testing from the Internet, without internal information or privileges. Discovery and validation of publicly visible IP addresses, domains, servers and services, followed by security testing of the discovered resources.
- Web application penetration testing: security testing of the organisation's web applications according to the OWASP (Open Web Application Security Project) methodology, using an offensive approach. The work starts with manual validation of the automated scan results by interpreting and evaluating the server's responses to the client, then proceeds to testing the exploitability of each vulnerability and producing a proof of concept.
- Android mobile application penetration testing: static analysis of the mobile application using reverse engineering methods. Dynamic testing of the API and backend used by the application according to the OWASP methodology, using an offensive approach.
The penetration test report contains:
- An executive summary of the test results
- A description of the methodology used
- A description of the vulnerabilities identified, each with its risk rating
- General recommendations for addressing the identified vulnerabilities and errors
With ever-changing threats, new software vulnerabilities coming to light every day and advances in hacking techniques, it is worth repeating ethical hacking audits at regular intervals; in many cases, legal compliance requirements alone mandate annual security testing. Recognising this, and as an acknowledgement of the quality of our work, we are proud to count a number of our partners as returning customers. If the technical security testing reveals a need for wider organisational development or for training of colleagues, our team of IT security experts is available.
As part of our ethical hacking services, we also undertake expert examination of emails deemed suspicious in an isolated environment.