Our Security Analysts think like attackers, but with an ethical spirit

Critical mission systems are increasingly vulnerable to attacks that penetrate or circumvent perimeter defense devices as companies continue to expand their service portfolio through more open and connected networks.

Penetration testing is one and the right way to confirm the vulnerabilities existing on your IT infrastructure. As network and systems are the foundation of the data communication, vulnerability exploit occurring on those critical assets can lead to security risks such as loss of confidentiality, service downtime, data theft.

Our pentest activities allow you to confirm your vulnerabilities and take proactive action.

We offer three types of pentest to meet your need

Blackbox test – we don’t know anything about the IT infrastructure of the target. In other word, we act like a hacker

Greybox test – we know a little bit about the IT infrastructure of the target

Whitebox test – we know a little more about the IT infrastructure of the target

Each type has its advantages and disadvantages and, the choice of type depends on our customer’s objectives.

+ Gather information about your company, personnel, IT infrastructure, etc.

+ Social engineering of your key personnel

+ Cracking your passwords

+ Hacking your wireless network

+ Test the resilience of your boundary devices against DoS and DDoS attacks

+ Get critical data

+ Access your servers

+ Recommend the corrective controls

+ Deliver the report including action plan

 

All activities performed during each phase of penetration testing are done according to best practices defined, and tools recommended by EC-Council.

Blackbox – we don’t know anything about the IT infrastructure of the target. In other word, we act like a hacker

Greybox – we know a little bit about the IT infrastructure of the target

Whitebox – we know a little more about the IT infrastructure of the target

+ Recommendations for correctives actions

+ Pentest report

+ Collected evidence

+ Detect and correct zero-day attacks
+ Improving information security in the organization
+ Compliance with standards, laws and regulations (ex. PCI-DSS)

Why People Trust us ?

Client's Experience Counts

CAPTOSEC takes the needs and requirements of its customers to heart.

We Love Quality

CAPTOSEC relies on a holistic quality assurance process that helps enhance the deliverables and meet the clients’s satisfaction.

Our Motivated Team Uses Right Tools

By using right tools combined with good processes, CAPTOSEC meets the stakeholders’s expectations.

We Always Deliver On Time

CAPTOSEC’s Security Professionals listen and collaborate with clients throughout all phases of projects.

Our Security Professionals Are All Certified

In addition to their experience and skills, Security Professionals from CAPTOSEC hold Industry certifications such as CISSP, CASP, C|EH, CISM, CISA, Security+, CCIE, RHCA, PMP, E|CIH.

Other Expertise from CAPTOSEC

Design, development and improvement of information security processes

Development & enhancement of security policies, orientations, and guidelines

Threats modelling, Risks analysis and Recommendations

Quality Assurance of Deliverables in Information Security

Advice, Training & Awareness on information security

Design and Development of Security tools such as Template, Scripts, and Forms

Security audit & Assessment of Networks, Systems & Databases

Assist the customers in their software and hardware acquisition processes

Penetration testing of Applications, Networks & Systems

Design & Assessment of Business continuity and Disaster Recovery Plans

Protection of Networks, Systems & Security Devices

Intrusion Detection & Forensics Investigation

Our Methodology

We understand the needs and context of the client

We validate with the client, the scope and deliverables

We collaborate throughout the project phases

We rely on standards, best practices & QA