Introduktion
Penetration testing requirements?
We will solve it!
All systems have vulnerabilities. Vulnerabilities that could increase the risk of data breaches if left untouched. A penetration test, or pentest, discovers vulnerabilities and identifies which ones are most critical. Having a picture of the system’s vulnerabilities makes it easier to prioritize resources to address them.
This is what you get
The best support in pentesting
In addition to the fact that all systems have vulnerabilities that you want to identify and remove, the background to the need for a pentest can come from external requirements from investors, customers, suppliers or as a requirement for, for example, certifications. No matter where the need comes from, we understand the requirement and can deliver the best support for your penetration test.
We have a solid experience of different types of tests for companies and organizations where the assignments range from tests in simple environments to very complex. We carry out our assignments with highly experienced specialists according to a well-proven methodology and various industry practices. Conducting pentests is a craft and our testers take great personal responsibility to always deliver with the highest quality.
Our standard package includes retesting as part of our offer. We do this to ensure that the identified vulnerabilities are actually addressed. After the test is completed, we will provide you with a report of the results and recommendations, which we will review with you.
This is what we can test
Our penetration tests
No two companies’ IT environments are the same. It is therefore important that we go through the conditions and methods together with you to come up with a good solution. Common to all our penetration tests is that we follow industry standards and methods from OSSTMM, OWISAM, OWASP, OASAM, ISSAF, NIST, ISACA, SANS, Mitre Attack. We perform penetration tests on web applications, mobile applications, infrastructure and APIs but also have the possibility to customize a test based on your needs.
Några av våra kunder
Approach to our pen tests
Different ways to test
Once you have decided which target to penetration test, the next step is to decide how to perform the test. Our service is based on black, gray and white box pentests.
Here’s how it works
Implementation and process of pentests
The methodology used to conduct pentests varies slightly depending on the scope and external conditions. It often involves four to six steps that can be repeated like a cycle. An example scenario for a Black Box pentest is described below.
- Collection of information on the target
In addition to the main objective, are there secondary objectives with lower security? What underlying systems can the target be expected to have. Is there open information about the target, which IP addresses could be targeted and which can be obtained? - Scanning of targets
What open ports does the target have and what do the vulnerabilities look like in a vulnerability scan? - Attack:
Exploit the vulnerabilities and try to gain access to systems through, for example, open ports, login fields, system vulnerabilities, and so on. - Conclusion:
Closing the attack, gathering evidence, preparing vulnerability report and recommendations
As described above, pentesters often use a vulnerability scanning tool to scan the target for potential vulnerabilities in the system. Each vulnerability discovered is then tested to see if it can be used to penetrate the system. Validating that the potential vulnerability can be exploited in practice is the major difference between a vulnerability scan and a penetration test.
Questions and answers
Here are answers to the most frequently asked questions about penetration testing. Do you have a question that is not listed? Use the contact form further down the page.