Can your business withstand a cyber attack? Penetration testing will tell you.
Penetration testing is an assessment of the level of security of systems by simulating a real hacker attack.
Penetration testing is often mistaken for vulnerability scanning. Vulnerability scanning is a fully automated test that anyone can run. For example, we have prepared a free online vulnerability scan.
Penetration testing is for organisations that invest in IT security and want to check whether there is a weakness in their security that could be exploited by real hackers to carry out an attack.
Penetration testing doesn’t just look for weaknesses in IT systems such as applications and corporate networks, but also among people. This type of testing is called social engineering.
If you haven’t done pentests before and IT security is important to you, you shouldn’t hesitate.
It’s a good idea to perform tests at regular intervals, or whenever there is a major change such as the implementation of a new technology or an infrastructure merger with a new company.
Testing can also serve to check whether and how your IT team responds to an ongoing attack.
Test the security of the application, mobile application or API. We perform security audits of more than 90 security areas according to the OWASP methodology.
Test the security of your perimeter from the public network, verify the correct configuration of your internal network or verify your cloud provider.
[We’ll certainly bring the heat — but only to keep you from getting burned.]
What should you think about before you start preparing the assignment?
Choose the test according to the area to be tested:
If you are asking for a quote or doing market research, the first thing we ask you to do is at:
What else do we need to know?
The assignment can also be given in terms of time, for example "we require a tester for 5 days".
Or contact us and we can help you with everything.
Each penetration test is followed by an evaluation phase, which produces a report covering the test process, a description of any vulnerabilities found, and a rating of their severity according to the CVSS classification.
This is the technical part of the report, which is intended for security managers, engineers and application developers, where for each vulnerability a recommendation is also given on how to prevent or solve the problem.
At the end of the report, you will find a management summary that explains in an understandable way to the company’s management the vulnerabilities and security gaps found, their severity and ways to fix any problems.
On request, we can send you a sample of the resulting report.
During penetration testing, a combination of manual and automated testing occurs, depending on the nature of the systems and applications being tested.
If the tests are performed in a production environment, the level of automated testing and interference with the production system can be minimized so as not to cause unnecessary damage.
Testing is conducted in accordance with OWASP and OSSTMM.
During the tests we mostly use the Kali Linux distribution and its tools Nmap, Nikto, Metasploit, DirBuster, Nessus, Hydra, OWASP ZAP, Burp Suite, John the Ripper and many others.
We look for known vulnerabilities in the platform under test and write and modify scripts to exploit them.
For example, a list of known exploits and vulnerabilities can be found here: https://www.exploit-db.com/.
The average price of penetration tests ranges from EUR 2,000 to EUR 12,000. The price corresponds to the scope and complexity of the project.
What factors influence the cost of testing?
The scope of testing is directly proportional to the number of assets and their complexity (IP addresses, applications, databases, devices, APIs, etc.).
The cost of penetration testing also varies based on the methodology and complexity of the test. The methodologies used have different areas of focus, each consisting of sets of tests. Adding or removing specific tests also affects the cost of penetration testing.
Place of execution:
Most penetration testing can be performed off-site. However, when large and complex environments are tested, an on-site visit to the customer’s premises may be necessary. On-site tests are also required when penetration testing physical security.
Additional expenses will be incurred if remediation assistance is required and/or for re-testing after repairs have been made.
We have many years of experience with projects in large corporations and banks.
We are holders of globally recognized IT security certifications.
We continuously train and educate ourselves in the field of IT Security and Ethical Hacking.
We are an agile company with a transparent pricing policy.
We stand out for our diligence and professional approach.
We can send you a sample of our work – a sample test report.
Consultation -> non-binding offer.
We will be happy to talk to you online or in person at our offices in Prague, Brno or Bratislava.