Operational Services
Penetration Testing
Identify your vulnerabilities before an attacker exploits them
Why perform a penetration test?
A penetration test (pentest) simulates a real cyberattack against your information system to identify exploitable vulnerabilities. Unlike a simple vulnerability scan, a pentest confirms in practice whether the flaws it finds can actually be exploited.
Regulatory requirement
Penetration tests are required by many regulations and standards, including NIS2, DORA (TLPT), ISO 27001 and PCI-DSS, and are often requested by cyber insurers.
Types of penetration tests
Application pentest
Security tests on your web, mobile and API applications.
- Web applications (OWASP Top 10)
- iOS/Android mobile applications
- REST, GraphQL, SOAP APIs
- Business applications
Infrastructure pentest
Security assessment of your network infrastructure.
- Network infrastructure
- Active Directory
- Cloud (Azure, AWS, GCP)
- Workstations
External pentest
Attack simulation from the Internet on your exposed perimeter.
- Reconnaissance and OSINT
- Vulnerability scanning
- Flaw exploitation
- Exposed services testing
Internal pentest
Simulation of an attacker who already has internal network access.
- Privilege escalation
- Lateral movement
- Domain compromise
- Data exfiltration
Our methodology
Scoping
Definition of scope, objectives and rules of engagement.
Reconnaissance
Information gathering on the target and attack surface identification.
Analysis
Vulnerability research and analysis of identified flaws.
Exploitation
Exploitation attempts to assess actual impact.
Reporting
Detailed vulnerability documentation with prioritized recommendations.