We offer services that help safeguard your environment.
Vulnerability assessmentA vulnerability assessment is the process of identifying vulnerabilities on a network, and gives an overview of the flaws
that exist on a system. It makes use of non-disruptive techniques.
A vulnerability assessment answers the question "What are the present vulnerabilities, what is the impact and how do
we fix them?" In other words, a global view of the security posture of a company is presented as the resulting
deliverable. A vulnerability assessment does not go into detail in how a specific exploit could lead to a compromise of
data. A vulnerability assessment can be done externally, or internally, depending on the scope.
Penetration testA penetration test is focused on gaining access to the environment through testing on different levels (physical security,
social engineering, wireless security, network security, application security,…) and using that access to provide
validation of the possible impact an attacker can have on a company. It can make use of disruptive techniques, using
credentials, as long as it is within the limit of a predefined set of rules of engagement.
A penetration test answers the question: "Can an attacker or intruder break-in, what can they attain and what are the
consequences?". A penetration test is more focused on gaining privileges through weak chains in the company.
Tests are done using both automated tools and manual testing, sometimes including R&D and custom exploit/payload
Application securityDuring a web application security test, the application will be subjected to browser based attacks that concentrate
on user actions in the web application. Testing will be done using both automated crawling and scanning tools as
well as manual testing using the OWASP web application testing methodology.
These tests include: information gathering (Recon), config & deploy management testing, identity management testing, authentication and session management testing
, authorization testing, data validation testing, cryptographic analysis, business logic testing and client side testing.