Penetration testing

We provide Penetration testing

External and internal penetration testing is required for successful completion of the PCI DSS certification audit.

Our approach to penetration testing will allow you both to prepare for the audit, and get useful information about your information security. Our scope includes both the PCI DSS systems, and related information systems.

If you are in charge of the information security in your organization, penetration testing will help you obtain valuable information. The findings will clearly demonstrate the existing information security vulnerabilities and the consequences that might result from the inadequate protection. The results of the penetration testing can justify the budget and other costs to ensure the company's information security.

It should be noted that the service is inexpensive, so the testing may be conducted on the department budget.

Penetration testing is mandatory for the risk analysis in many organizations. This is especially true for commissioning new systems or after upgrading infrastructure when it is easy to overlook information security risks.

Penetration testing will help assess the changing risks and monitor the information security processes.

  Ask the expert

Get free advice on penetration testing

SQL Injection Buffer overflows Cross-site scripting Cross-site request forgery
Vulnerability check
automatic, manual, efficient

Scenarios we are use

An Internet attacker who is not authorized to access information systems and has only publicly available information about the information systems, methods used and means of protection.
An attacker with network access to internal network (in one of the network segments), who has no right to access information systems and has only publicly available information about the information systems, methods used and security tools.
An attacker operating from the internal network, who has logical rights in the information systems, possibly local administrator privileges and a superficial (possibly detailed) information about the network structure, methods used and security tools.

Testing methodology

Typically, penetration testing consists of several steps:

  • Collecting preliminary information. For example, information about structure and components of the corporate network (network addressing, network components, security tools). The info is collected from the public sources, including the Internet;
  • Determining types and versions of devices, operating systems, network services and applications to respond to external impact (i.e. responding to various requests);
  • Identifying the network and application vulnerabilities (automated and manual methods);
  • Simulating the network attacks;
  • Simulating the application attacks;
  • Preparing the test report and recommendations.

Do you want penetration testing? E-mail us