Pentests

The Goal of a Pentest is to find out if and how vulnerable your Assets are. Through Automated and Manual reconnaissance and exploitation, a Pentester is able to identify Misconfigurations and known Vulnerabilities.

In a Pentest the main Goal is Identifying the vulnerability of the given scope with already known Exploits. Staying undetected is not a Priority, which means that traffic may be captured by your IT-Department.

Web-App-Pentest

A Web-App-Pentest is exclusively for your Domains and does not include IP/Server testing, hence no further Permissions are required.

The Domains will be tested according to the OWASP Top 10 Methodology.

externAl pentest

Additional to the approach of a Web-App-Pentest, the external Pentest contains all assets that are externally accessible, e.g. Servers where the Website is hosted, etc.

As a result, this test requires written permission from the Server Owner, e.g. the Hosting Provider.

If the Domain is hosted on your Companies Server, no additional permissions are required.

Full pentest

This type of Pentest includes the Web-App, External and an additional Internal Pentest. This means that, if exploitation is successful, the Internal Network will too be assessed.

Note that, like in any Test, exploitation and access are not guaranteed. For this Test Phishing or a Grey Box approach could increase the chance of success.

Like with the External Pentest, if the Server is not owned, written Permission is required from them Hosting Provider.

Length 3-5 Days

Black Box

detAils

detAils

Length 5-7 Days

Black Box

Phishing optional

Length 5-10 Days

Black Box or Grey Box

Phishing optional

detAils