
Penetration Test

Penetration testing simulates an internal and/or external attack that aims to violate the company's information security. Using a wide range of tools and techniques, the tester (Ethical Hacker) tries to exploit critical systems and gain access to sensitive data. There are two execution modes: white box and black box.

In black box mode, taking a web application as an example, the customer provides only the URL of the application to be tested. Together with the client we define the domain, or scope, to which the test applies. In white box mode the client also provides further information that helps carry out the test, for example access credentials, the application architecture, the development language and pointers to the most sensitive parts of the software.

Using both automated tools and manual procedures, the Ethical Hacker tries to detect weaknesses and tests all security functions, such as authentication and authorization, providing evidence of how the flaws found in the system can be exploited.

Implementation phases:

Information Gathering (gathering information on the target of the tests)

Footprinting and Scanning (identification of the services and operating systems running on the target)

Vulnerability Assessment (scanning, identification and classification of known vulnerabilities)

Manual Assessment (identification and classification of unknown vulnerabilities)

Exploitation (demonstration of the violation of the detected vulnerabilities)

Report (detailed report for the client on the outcome of the test, with advice on how to mitigate the detected vulnerabilities)

What is an Application Penetration Test?

An application PT is used to test for the presence of vulnerabilities in software, whether it is a web or mobile application or a SOAP or RESTful web service. Following procedures defined by standards and organizations such as OWASP, the analysis is performed through a series of attack attempts that target the communication protocols and the application logic that end users rely on to interact with the application.

The tests are conducted both anonymously and in "user mode". In user mode, an account created through the standard activation procedure gives the penetration tester access as an authorized user. In this way it is possible to test the robustness of the authentication and access-containment controls both for anonymous users and for ordinary authorized users.

Would you like more information? Get in touch with us, with no obligation.

Call Now