Penetration tests

Penetration tests will reveal vulnerabilities and other security weaknesses in your applications.

Our specialists use real hacker practices and procedures according to the OWASP and OSSTMM methodologies and our best practices.

OUR SERVICES

Test the security of the application, mobile application or API. We perform security audits of more than 90 security areas according to the OWASP methodology.

Test the security of your perimeter from the public network, verify the correct configuration of your internal network or verify your cloud provider.

Social engineering

Our social engineering service will help you shed light on and document potential weaknesses among your employees.

What are penetration tests?

The penetration test is used to assess the level of security by attempting to penetrate the tested environment.

This is a technical form of security audit, which is performed by simulating a real attack. The tester uses the same methods and tools as a hacker.

Testing involves the use of various manual techniques supported by automated tools, where the tester looks for vulnerabilities and, based on his experience and professional methods, proceeds to exploit specific vulnerabilities.

Penetration testing is often mistakenly confused with vulnerability scanning. Unlike manual pentests, vulnerability scans are fully automated.

Why do testing?

Testing will find deficiencies in the security of your IT infrastructure or web or mobile application.

The frequency of hacker attacks and the number of security flaws are increasing every day. Don’t take risks, test.

Penetration testing audits the current resilience of your systems and can thus become a good basis for security technology investment plans.

Other reasons to test:

  • Prevent cyber attacks.
  • Test where necessary – newly implemented technology, or merging infrastructure with a new branch.
  • Test your security team to see if and how they will respond to an ongoing attack.
  • Build a strong reputation and don’t get hacked; data loss and reputation can be critical for business.
  • Testing may also be required by law.

Assignment of penetration tests

What should you think about before preparing an assignment?

In general:

  • What exactly will be tested – almost anything can be tested, however, it is necessary to balance the range of tests, which is directly proportional to the complexity and price.
  • Black box or white box?
  • Specified IP ranges, or will the tester look for them himself?
  • The assignment can also be defined as a time range – for example, we ask the tester for 5 days of tests.


Application testing:

  • Access – authorized / unauthorized?
  • Test accounts – admin / user?
  • Environment – test / production?
  • Test with WAF / without WAF?

Results of penetration tests

The penetration tests are followed by an evaluation phase. Our penetration test report is divided into two parts.

The first includes a description of all vulnerabilities and security gaps found, assessing their severity and degree of risk.

This is the technical part of the report, which is intended for security managers, technicians and application developers, where each vulnerability is also given recommendations on how to prevent or solve the problem.

The second part of the report contains a managerial summary, which clearly explains to the company’s management the vulnerabilities and security gaps found, their severity and the ways to eliminate all problems.

Upon request, we can send you a sample final report.

Categorization of findings

Breakdown by category
Breakdown by severity

Methods and tools of penetration testing

During penetration tests, a combination of manual and automated testing takes place with regard to the nature of the tested systems and applications.

When tests are performed in a production environment, the degree of automated testing and intervention in the production system is minimized so that the tests have the least impact on the tested systems and applications.

We proceed with testing in accordance with OWASP and OSSTMM.

During the tests, we most often use the Kali Linux distribution and its tools, such as Nmap, Nikto, Metasploit, DirBuster, Nessus, Hydra, OWASP ZAP, Burp Suite, John the Ripper and many others.

We also look for known vulnerabilities of the tested platform, and we write and modify scripts for their exploitation.

A list of known exploits and vulnerabilities can be found, for example, at https://www.exploit-db.com/.

How much do penetration tests cost?

The price of penetration tests can range from 2.000 EUR to 12.000 EUR. The price always corresponds to the scope and complexity of the project.

What affects the cost of testing?

Scope:

The size of the test is determined by the number of employees or IP addresses. Difficulty is further evaluated according to the complexity of the applications, servers, devices and databases to be tested.

Methodology:

The cost of penetration testing varies according to the methodology and complexity of the test. The methodologies used have different areas of focus, which consist of test files. Adding or removing specific tests again affects the cost of penetration testing.

Experience:

Pentesters with more experience will usually be more expensive. You will get what you are really looking for from an experienced tester. When choosing a penetration tester, we recommend looking for certifications such as ECSA, CEH or OSCP.

On-site:

Most penetration tests can be performed off-site. However, there are cases where very large / complex environments are tested. In such cases, an on-site visit to the customer may be necessary. On-site tests are always required for physical security penetration tests or social engineering methods.

After tests:

Additional expenses await you in the event of a request for follow-up assistance with repair and / or a request for re-testing after repairs have been made.

Why with us?

We have many years of experience with projects in large corporations and banks.

We hold the globally recognized IT security certifications CEH – ECSA – CHFI.

We continuously train and educate ourselves in the field of IT Security and Ethical Hacking.

We are an agile company with a transparent pricing policy.

We can quickly deploy testers on your projects.

Want to know more?

If you have any questions, do not hesitate to contact us using the contact form, or we will be happy to meet you in our offices in Prague, Brno and Bratislava.

David Pícha
Cyber Security BDM
+420 604 200 062 ITsecurity@integra.cz