We provide both external and internal pentesting services. External pentest focuses on weakest points, whether the weakest link is the application, the network or the personnel. Internal pentest mimics an attack originating from inside the company, perhaps from a malignant or disgruntled employee, or a hacker who managed to get inside the internal network.
The following processes are conducted for both Internal and External Testing projects:
- comprehensive analysis of publicly available information about the target
- Building and visualizing the whole system in scope to be able to identify vulnerabilities
- Vulnerability identification including: reverse engineering, injection scanning, impact estimation, false positive/negative verification.
- Performing the penetration test from different points on the network and with different privilege and authorization.
- Updating the blueprint map to reflect the new discovered information leveraged from the exploited system.
- Report and documenting findings across different levels including technical and management level.