What is penetration testing?
Penetration testing can be applied at different levels, for example:
- Program (single process)
- Complete application (communicating processes)
- Network of many applications
The goal is to find evidence of insecurity, typically taking the form of exploitable vulnerabilities.
Why do a pentest?
What would be the risk if your company's and your clients' information landed in the wrong hands?
Companies spend a fortune trying to recover data that was either lost or stolen, and in some cases losing valuable data that can't be recovered might have a serious impact. For companies and organizations nowadays, where the amount of data is so large that it needs to be digitized, the security of their systems is of even greater importance.
bmbf.de/en – “96 percent of all German small and medium-sized enterprises (SMEs) have already had unpleasant experiences involving IT security incidents.”
“According to a study by Corporate Trust, the damage to German industry caused by industrial espionage totals approximately €4.2 billion per year.”
ibm.com – “This year’s (2017) study reports the global average cost of a data breach is down 10 percent over previous years to $3.62 million.”
businessinsider.com – “Data breaches cost US businesses an average of $7 million”
csoonline.com – “Ponemon Institute estimates an average breach cost of $3.5 million in 2017, with a 27% probability that a U.S. company will experience a breach in the next 24 months that costs them between $1.1M and $3.8M.”
Who are we and how do we work?
As pentesters, we are a team that uses guile and automated tools to find security issues, the same as a malicious hacker would. We are professionals with certifications such as CEH, LPT, CISSP, Red Hat Linux Administrator, Cloud Administrator, Software Security, Cryptography, Firewall Administrators (most of the private and open-source brands) and Network Security. Pentesting is not only a science, but also an art. We are very creative and versatile, know our tools, and can apply them in very different scenarios. The advantage of being a separate team, rather than internal to the company, is that it ensures a fresh look at everything.
Types of Pentest:
- White Box (The client provides information about the application, network, infrastructure, etc. to perform the security test)
- Grey Box (The client provides information, but testers try to find more vulnerabilities from the information supplied)
- Black Box (Simulates a real-life attack; the tester collects all information on their own using passive collection and social engineering techniques)