Cyber security services

Penetration testing

Penetration testing, or pen testing for short, is a simulated cyber attack towards your system. Pen testing measures your cyber defences, exposes your vulnerabilities and lets you patch them before a real attack takes place.

Targeting your vulnerabilities

The pen test scope will be agreed with you to provide the best match with your vulnerabilities. The test can be launched with a limited set of information on the target system, or with no information at all, depending on what kind of scenario you want to simulate.

How is it really done

A pen test follows a set procedure.

  • Pre-engagement: A meeting to set the scope of the test
  • Intelligence gathering: Finding all publicly available information
  • Threat modeling: Listing the most important assets and secondary targets providing attack routes to them.
  • Vulnerability analysis: Finding routes to the system through port and web scans and configuration bugs.
  • Exploitation: The actual attack, with the intention to bypass all existing security measures undetected for as long as possible.
  • Post exploitation: The attack after the attack, ensuring a continued access to the compromised system and entering deeper layers of the target system.
  • Reporting: Reporting the key findings of the test and the technical details of the testing procedure.

Understanding the status is the key to improvement

Only through testing is it possible to know your defenses for sure.

Based on your vulnerabilities, you can choose the testing scenario that is best for you and your organization, ranging from DDoS emulation to penetration testing, or to the widest scope of red team testing. The scope of the testing varies, but the end result is always an increased protection from cyber threats.