Penetration tests

Can your business withstand a cyber attack?

The best way to see if you would stand up to an attack is penetration testing. 

What are penetration tests?

Penetration testing is an assessment of the level of security of systems by simulating a real hacker attack.

Penetration testing is often mistaken for vulnerability scanning. Vulnerability scanning is a fully automated test that anyone can run. For example, we have prepared a free online vulnerability scan.

Today’s online world is full of automated and financially motivated cyber attacks on even the smallest companies and users.

Relying on hackers not to choose us is a common mistake.

What are penetration tests for?

Penetration testing is for organisations that invest in IT security and want to check whether there is a weakness in their security that could be exploited by real hackers to carry out an attack.

Penetration testing doesn’t just look for weaknesses in IT systems such as applications and corporate networks, but also among people. This type of testing is called social engineering.

When to do penetration tests?

Penetration testing reveals the real risks you are exposed to – see how your IT systems would stand up to a cyber attack.

We recommend conducting tests at regular intervals, or whenever a major change occurs, such as a new technology implementation or an infrastructure merger with a new company.

This can also be done to test your IT team to see if and how they will respond to an ongoing attack.

Do you have your own commercial application? Increase your credibility with a certificate of penetration testing.

As mandated by standards – Cybersecurity Act, ISO or other audits and standards.

Description of the penetration tests we perform

Test the security of the application, mobile application or API. We perform security audits of more than 90 security areas according to the OWASP methodology.

Test the security of your perimeter from the public network, verify the correct configuration of your internal network or verify your cloud provider.

Our social engineering service will help you shed light on and document potential weaknesses among your employees.

[We’ll certainly bring the heat — but only to keep you from getting burned.]

How to order penetration tests?

What should you think about before you start preparing the assignment?

Choose the test according to the area to be tested:

If you are asking for a quote or doing market research, the first things we will ask you about are:

Application testing:

    • Number of IP addresses tested
    • In what environment are you testing? Test/production?

Infrastructure testing:

    • Number of IP addresses tested
    • Domains tested

Social engineering:

    • Number of employees tested
    • Different types of campaigns or one across the board?

What else do we need to know?

  • Do you want to provide background information, or should we work only with the information available to an outside attacker?
    (Black box / white box / grey box?)
  • Aggressiveness – Should testers be cautious? How far are they allowed to go?
  • What implementation date do you require?

The assignment can also be specified in terms of time, for example: "we require a tester for 5 days."

Or contact us and we can help you with everything.

Results from penetration tests

Each penetration test is followed by an evaluation phase that describes the test process, a description of any vulnerabilities found, and a rating of their severity according to the CVSS classification.

This is the technical part of the report, which is intended for security managers, engineers and application developers, where for each vulnerability a recommendation is also given on how to prevent or solve the problem.

At the end of the report, you will find a management summary that explains in an understandable way to the company’s management the vulnerabilities and security gaps found, their severity and ways to fix any problems.

On request, we can send you a sample of the resulting report.

Penetration testing methods and tools

During penetration testing, a combination of manual and automated testing occurs, depending on the nature of the systems and applications being tested. 

If the tests are performed in a production environment, the level of automated testing and interference with the production system can be minimized so as not to cause unnecessary damage.

Testing is conducted in accordance with OWASP and OSSTMM.

During the tests we mostly use the Kali Linux distribution and its tools Nmap, Nikto, Metasploit, DirBuster, Nessus, Hydra, OWASP ZAP, Burp Suite, John the Ripper and many others.

We look for known vulnerabilities in the platform under test and write and modify scripts to exploit them.

For example, a list of known exploits and vulnerabilities can be found here: https://www.exploit-db.com/.

How much do penetration tests cost?

The average price of penetration tests ranges from EUR 2,000 to EUR 12,000. The price corresponds to the scope and complexity of the project.

What factors influence the cost of testing?


Scope:

The scope of testing is directly proportional to the number of assets and their complexity (IP addresses, applications, databases, devices, APIs, etc.).

Methodology:

The cost of penetration testing also varies based on the methodology and complexity of the test. The methodologies used have different areas of focus, which consist of sets of tests. Adding or removing specific tests again affects the cost of penetration testing.

Place of execution:

Most penetration testing can be performed off-site. However, there are cases where large and complex environments are tested. In these cases, an on-site visit to the customer’s site may be necessary. On-site tests are also required when penetration testing physical security.

Other Services:

Additional expenses will be incurred if remediation assistance is required and/or for re-testing after repairs have been made.

Why test with us?

We have many years of experience with projects in large corporations and banks. 

We are holders of globally recognized IT security certifications.

We continuously train and educate ourselves in the field of IT Security and Ethical Hacking.

We are an agile company with a transparent pricing policy.

We stand out for our diligence and professional approach.

Interested?

We can send you a sample of our work – a sample test report.

Consultation -> non-binding offer.

We will be happy to talk to you online or in person at our offices in Prague, Brno or Bratislava.