Penetration Testing

A comprehensive study aimed at identifying vulnerabilities in information systems

Addressing your cyber gaps, weak points, and the effectiveness of your security controls by simulating a real-world attack

Penetration Testing Services is a multi-layer service that includes:

Application Penetration Testing
Services from the attacker's point of view that identify application vulnerabilities that can be exploited to gain unauthorized access.

Identifying vulnerability issues such as SQLi, OS injection, buffer overflow, XSS, CSRF, cookie manipulation, and session hijacking, as well as DoS and business logic flaws.

Infrastructure Penetration Testing
Assessing your organizational network or subnetworks for public services, remote access services, and suppliers' extranets.

The testing includes identification of commonly known 3rd-party component vulnerabilities, misconfigured and non-hardened servers and/or network components, authentication, brute force, Elevation-of-Privilege (EoP) attacks, WiFi network testing, custom protocol fuzzing, and more.

Combined Penetration Testing
A combination of both Application and Infrastructure Penetration Testing to assess a specific service.

This service is performed by a highly skilled team with state-of-the-art technologies and proven methodologies. It provides our customers with a clear view of their threat landscape and actionable recommendations for improving security posture and business resiliency.

Our Risk Management Model

This Risk Assessment will be performed according to the Hybrid Security RA Approach (HSRAA) developed by us and our partners at Cybrella Research Lab. The Hybrid Security Risk Assessment Approach combines standard best-known methods and practices derived from different RA methodologies, tailored to fit the project and specific customer requirements as described below.

  • White Box Application Security Testing/Audit of system components with access to development resources, internal documentation and source code.
  • Grey Box Application Security Testing/Audit of system components with partial access to development resources and source code such as 3rd party components, libraries, and tools.
  • Black Box Application Security Penetration Testing/Audit of system components with no available access to development resources, or with a specific requirement to assess a limited-access/limited-knowledge Threat Source POV (e.g. “cleaning man” or malicious user scenarios).
  • A Source Code level review to provide additional insights often missed by traditional Dynamic Security Testing methods (DAST). This review will include automated, manual, and hybrid security code review techniques to systematically detect product security vulnerabilities in the source code.

Upon completion, our experts will advise you on a practical mitigation technique.