Our Security Analysts think like attackers, but with an ethical spirit
Critical mission systems are increasingly vulnerable to attacks that penetrate or circumvent perimeter defense devices as companies continue to expand their service portfolio through more open and connected networks.
Penetration testing is one and the right way to confirm the vulnerabilities existing on your IT infrastructure. As network and systems are the foundation of the data communication, vulnerability exploit occurring on those critical assets can lead to security risks such as loss of confidentiality, service downtime, data theft.
Our pentest activities allow you to confirm your vulnerabilities and take proactive action.
We offer three types of pentest to meet your need
Blackbox test – we don’t know anything about the IT infrastructure of the target. In other word, we act like a hacker
Greybox test – we know a little bit about the IT infrastructure of the target
Whitebox test – we know a little more about the IT infrastructure of the target
Each type has its advantages and disadvantages and, the choice of type depends on our customer’s objectives.
+ Gather information about your company, personnel, IT infrastructure, etc.
+ Social engineering of your key personnel
+ Cracking your passwords
+ Hacking your wireless network
+ Test the resilience of your boundary devices against DoS and DDoS attacks
+ Get critical data
+ Access your servers
+ Recommend the corrective controls
+ Deliver the report including action plan
All activities performed during each phase of penetration testing are done according to best practices defined, and tools recommended by EC-Council.
Blackbox – we don’t know anything about the IT infrastructure of the target. In other word, we act like a hacker
Greybox – we know a little bit about the IT infrastructure of the target
Whitebox – we know a little more about the IT infrastructure of the target
+ Recommendations for correctives actions
+ Pentest report
+ Collected evidence
+ Detect and correct zero-day attacks
+ Improving information security in the organization
+ Compliance with standards, laws and regulations (ex. PCI-DSS)