PENETRATION TESTING (PENTEST)
A simulation of a real cyber attacks on your organization ICT systems to determine vulnerabilities and exploitable systems that may pose a risk to the organization.
The importance of any drill is to make sure that things work the way they are meant to work incase of an actual scenario as well as expose areas of weakness for you to improve on.
Our team with the vast knowledge and skill simulate this through a comprehensive method that looks into your organization 360o making sure that every aspect is looked at. That includes;
a .Internal parties & controls
b. External parties & controls
c. Third parties (Product & Service providers)
After identification of vulnerabilities, penetration testing will demonstrate the ability to gain unauthorized access to system resources and/or disrupt system services.
PENETRATION TESTING FOCUS
As you look into getting a pentest done for your organization, have a clear scope of what you need tested, here is a guide to identifying and defining your scope
Types of PenTest
Web Application PenTest
Web Application Penetration testing (black box and grey/white box) is focused on the application layer of the target application, and may include other logical components (e.g., application server, database).
Mobile Application PenTest
focused on identifying security flaws in the application, how the app interacts with the device platform it was written for (Android/iOS), how the app communicates with server-side systems (API’s, Web Applications etc.) & with the broader ecosystem.
Network & Infrastructure PenTest
Discovery & Enumeration of the connected devices to identify vulnerabilites that are tested in order to try and gain access. Testing of network misconfigurartions and networking devices.
Internal/External Clientside PenTest
A full 3600 look into your organizations running of business. With a focus on both internal and external processes, 3rd party connections and risk avaluation from every angle.
Social Engineering
The focus being on the people within and outside the organization, the aim to get confidential information about your organization through deception methids and use that information to gain access.
Remote PenTesting
Devicing new ways to carry out Pentests, it is not a must for our teams to visit your organization for a
PenTest, remote pentest too can work with the same impact as if our teams were there.
PENTEST Methodology
Know the Steps
The standard method of carrying out a pentest is well defined. Using the global set standards such as OWASP, NIST, MitreAtt&ck and comparison to ISO standards that govern the Cyber Security space, our teams give quality reports.
While documentations are done at each stage, our teams are able to give comprehensive details of the process that simulate an actual adversary.