What is penetration testing?
Penetration testing is a simulation of a realistic outside attack on a particular website in order to identify vulnerabilities that can be exploited by attackers. In this way clients are equipped to take preventive action against potential high-risk security breaches.
What will penetration testing reveal?
With Pronect, you will learn the extent to which you are protected against malicious attacks, as well as how you can protect yourself from any discovered vulnerabilities. More specifically:
- Is your website vulnerable? To what extent? Which valuable data can an attacker access on your website?
- Which types of risks are your website and your business exposed to (access to emails, user databases, reputation damage...)?
- Can you trust the security solutions that you currently have in place? To what extent?
- What are the details and implications of your website’s or web application’s vulnerabilities?
- Which steps can you take to neutralize your online vulnerabilities and protect your website or web application moving forward?
- How can Pronect help you affordably establish and maintain a secure system which protects you from all high-risk vulnerabilities?
Our unique methodology for detecting vulnerabilities
We use a proprietary methodology for detecting vulnerabilities. Our penetration tests are based on real-world attacks and threats. In order to provide top-quality service, penetration testing is done from the perspective of a real attacker with limited information. We simulate the attack in the same way as a real attacker would, so we get accurate insight into the real state of your website’s or web application’s security.
Scanning software and other vulnerability detection tools have their place and can provide valuable insights, but in our business we rely entirely on manual methods. The main advantage of this is that it gives us a more comprehensive understanding of real attack dynamics and how these can affect your business. We do not depend on blueprints or prescriptions, instead preferring to draw from our experience and concrete practical knowledge in the field.
We test your websites and applications against vulnerabilities such as SQL Injection, XSS, directory traversal, authentication bypass, LFI/RFI and Buffer Overflow. Furthermore, we inspect your current server configuration.
Why rely solely on manual testing?
Many organizations use automated testing tools and internal resources to analyse website security. These tools can provide valuable insight into a given security architecture. However, they are generic by nature, lacking the dynamic abilities and skills of experienced security professionals. As a result, these tools can complicate the process of detecting vulnerabilities by reporting a high number of false positives or false negatives instead of zeroing in on real, high-level risks. This is of course less effective and actually increases the time and cost required to identify high-risk vulnerabilities. Additionally, malicious attackers are well aware of the limitations of such automated tools and scanners. For these reasons, we rely exclusively on manual testing from the perspective of a real attacker.
How long does penetration testing take?
It depends on the complexity and size of your system. It can take anywhere from three to a maximum of 10 days.
After testing, we send you a complete report, containing a concise, detailed description of each vulnerability and its solution. We provide two types of reports:
- General report – a simple, user-friendly report describing vulnerabilities and risks for the safety of the company, and how these can affect your business. This type of report is intended for management or others whose knowledge and skills are non-technical.
- Technical report – a detailed technical description of all discovered vulnerabilities along with a clear action plan, including recommendations on how to secure your system. This report is intended for IT professionals at your company.
We prefer reports that are as brief and concrete as possible. Everything is clearly and specifically described, without any unnecessary graphics or information.
We recognize that conducting a penetration test of your company website is a very serious matter, and we treat it accordingly. Out of respect for the highest level of data confidentiality, we want to ensure that you are fully protected and that your data is 100% secure during and after testing. For this reason, with every client:
- We sign a confidentiality agreement
- Penetration testing is conducted from a remote, secure location
- We send encrypted reports which are immediately deleted after we pass them to you
- All penetration testing is conducted from disposable virtual machines, which are immediately deleted upon test completion
Interested in knowing whether your data is safe on the Internet? Just fill out the form in the sidebar and we will get back to you within 30 minutes.