Penetration testing aims at verifying the security posture of a targeted asset. Whether it is an web application, mobile application, infrastructure or a particular server. Depending on the client requirements we deliver black-box, gray-box and white-box testing approaches.
Our methodology is based but not limited to commonly accepted standards such as OWASP (TOP10, ASVS, WSTG, MSTG), NIST and PTES. Over the years we extended them based on our own experience. The pentest reports are prepared so that they are useful both to business and technical recipients. Each finding is delivered with a precise description, Proof-of-Concept (PoC) and contains the information about severity and recommendations.
Sample assessments we can deliver:
- web application penetration test
- mobile application penetration test (iOS & Android)
- native application penetration test
- source code review
- network infrastructure penetration test
- server configuration review
- embedded/IoT devices penetration test
- vulnerability assessment