Our unique value proposition for Penetration Testing is the time and effort we spend in identifying all the threats and vulnerabilities that might be applicable. We map out the business logic to understand the business process. Once this has been done we craft manual attacks to try and exploit a system or application. While we do use automated testing tools for some of our activities bulk of it is performed manually in order to perform thorough testing and to identify vulnerabilities that other pen testers would miss.
Penetration testing involves gathering information about the target before the test, identifying possible entry points, attempting to break in either virtually or for real and reporting back the findings. The scope of activities generally includes the following:
- Pre-engagement Interactions
- Threat Modelling
- Vulnerability Analysis
- Exploitation (using non-destructive methods)
- Post remediation testing
Our Penetration Testing report consist of the following:
- Table of Contents
- Executive Summary
- Document Information
- Engagement Summary
- Technical Findings and Recommendations.