Penetration testing
Penetration tests of IT systems, network infrastructure, web applications and internet services are performed as simulations of a real attack.
Testing modes

External
The tester has almost no information about the target and must gather it independently. This mode most closely resembles an attack from the outside.

Internal
The tester has information about and insight into the entire structure and can exploit weaknesses available to employees. This mode resembles an attack by an "angry employee".

Both internal and external
A combination of both modes: for example, the attacker knows the exact targets, because the customer defines exactly what they want to test. This is the most common type of testing.
Other common testing modes
Penetration testing of web applications
The aim of a web application penetration test is to verify the actual resistance of a web application to an attack. We use automated tools and manual testing, and we perform combined attacks. The test is suitable for websites and large-scale web service applications. The tests are performed using the OWASP methodology.
External network perimeter penetration test
In the case of an external penetration test, we simulate an attack on the customer's systems and applications from an external environment, i.e. we simulate an attack by a potential hacker attempting to penetrate from the internet. The goal is to detect any vulnerabilities that could be exploited by a potential attacker to penetrate or gain unauthorized access to the internal network. For testing, we use our own best practices supported by OSSTMM and CEH methodologies.
Penetration test of internal network
An internal penetration test verifies the resilience of the corporate network from the inside, i.e. attacks conducted by employees, partners or suppliers. The aim of the test is to protect against unauthorized access and possible misuse of data and sensitive information by users on the internal network. For testing, we use our own best practices supported by OSSTMM and CEH methodologies.
Penetration test of Wi‑Fi network
Wireless LAN scanning – wireless networks typically extend beyond the organization's building, allowing a potential attacker to penetrate the corporate network and systems through unauthorized access to the Wi-Fi network. Wi-Fi network tests include verification of availability (signal coverage, interference), unauthorized access to the Wi-Fi network, interception of communications, and detection of unauthorized wireless access points.
Social engineering
Examination of employee behavior and reactions to attempts to obtain sensitive data and information through fraudulent e-mail or telephone campaigns, etc. The aim is to reveal the level of security awareness, compliance with internal regulations and resistance to threats that use methods of manipulation in direct and indirect communication.