
Penetration Test

Penetration testing is a cornerstone testing method in any security assessment practice. It is a practical way to identify security weaknesses in the organization's systems that can potentially give unauthorized access. We utilize our knowledge of technologies and our experience in security to run safe, intensive penetration tests that simulate real targeted attacks, so you can find vulnerabilities in technologies and application logic with minimal false positives and zero impact on the tested environment. Penetration tests can be performed with different setups, as listed below.

  • Black Box tests are where the penetration tester knows nothing of the infrastructure to be tested. This is more indicative of a real-world attack, but this method may not always expose all vulnerabilities.
  • White Box tests are where the penetration tester has access to full, in-depth information on the infrastructure to be tested. Whilst not as realistic as a black box test, it allows for a very thorough test.
  • Grey Box tests are the most popular form of test and take a balanced approach between white box and black box. A grey box test discloses just enough information to perform a thorough, methodical test, whilst keeping the scenario relevant and realistic.

 

Inspired by the NIST Framework, we rely on a well-tested methodology to deliver our network penetration tests. This is conducted by dividing the penetration test into phases and relying on a tree-based approach to discover all possible vulnerabilities within the scope of the engagement.

Our Web Application Pentest relies on the OWASP methodology. We attempt to identify all possible vulnerabilities in the web application by applying our methodology, which is inspired by the OWASP testing methodology. Our tests also focus on business logic flows and go beyond the OWASP Top Ten to discover any possible vulnerability or misconfiguration in the web application.

Our mobile application penetration test methodology is inspired by the OWASP Mobile Application testing guide and complies with CBE Mobile Application regulations. We conduct both static and dynamic testing on the targeted application to discover any possible vulnerability or security issue. We also conduct an API penetration test on the backend APIs supporting the application.

In an ATM penetration test, the Cylert team performs a network penetration test to check for network-level vulnerabilities in the ATM. Since an ATM communicates with the back-end server, it has to be part of some network. By obtaining the IP address of the ATM, we perform a network-level penetration test. We also conduct an application penetration test on the ATM application itself. Furthermore, the application back end should be included in the scope of the engagement.

Cylert relies on a mix of manual, semi-automated and automated techniques to perform a vulnerability assessment on the targets within the scope of the engagement. During the testing phase of the engagement, we attempt to discover all possible vulnerabilities without conducting any proof-of-concept exploitation. We also guarantee zero effect on the environment being tested.