Penetration Testing Service

Digitpol provides penetration testing, colloquially known as a pen test, pentest or ethical hacking, which is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Vulnerability assessments are included in our Pen Test; the goal is to identify, quantify, and prioritize the vulnerabilities in a system. Digitpol is accredited in performing controlled penetration testing to discover flaws, cyber espionage and vulnerabilities, and to apply immediate fixes.

We perform application testing on new and existing applications. We test all forms of applications to discover whether any security flaws exist, and we check for malware, open back doors, data transfer, leakage, security certifications and coding issues.

Both local and remote infrastructure pen-testing and software application pen-testing can be performed in a controlled environment. We conduct testing services with strict guidelines and under an agreement with our client. All of our tests are independent of any third party.

IP, Wi-Fi, LAN, Networks

A Pentest aimed at your company's internal network provides detailed information on any and all vulnerabilities related to your LAN, IP or Wi-Fi networks. It's a deep dive into what networks exist, how strong their security is, and what devices connect to them. In some cases the test can discover whether ransomware or your employees can compromise data. In some cases we have detected remote access.

(WEB) APPLICATIONS

Web applications and services such as websites, payment apps, payment or financial systems (POS) and portals are the gateway to your data and even your internal infrastructure. A Pentest reveals vulnerabilities in these applications. This test can be extended to all forms of apps, payment systems, POS machines and apps that contain wallets.

MOBILE APPS & APIS

Mobile Apps often process personal or sensitive data and are linked in various ways to other (web) services and APIs. Modern apps often contain a method to accept a payment or collect personal data. A Mobile App Pentest examines all possible attack vectors and links of the Mobile Apps, the hosted environment and open back doors.

IACS & OT

Testing of devices is highly important, as most IACS are not secured by default. We assess the security of your Industrial Automation and Control Systems (IACS) and Operational Technology (OT) environments, including ICS/SCADA, HVAC, SIS and communication systems, for vulnerabilities. In some cases, after the test, we can apply a firewall for industrial devices.

Mobile App Code Assessment

We provide mobile app (iOS or Android) code assessment and penetration testing services to review code and discover security flaws. Our services are conducted by senior coders and assessment testers, and we use both automated and manual examination of code. Our code review is deployed at the final stage of your app development, just before it goes live. We test the code for security risks, vulnerabilities and compliance.

APP API - Cloud Pen Testing

As many apps send data via an API to a cloud, known as a backend, we also test the path from the cloud environment to the app to discover vulnerabilities and security risks. An API between an app and the cloud can contain hidden security flaws; this is a critical factor we look into.

LAN Network Penetration Testing

Digitpol specialises in security audits of local networks, which can be performed locally, onsite, at the client's premises or via VPN. Testing of LAN networks will discover malware, bots, rogue devices, traffic to rogue sources, data leakage, unauthorised PCs or devices and vulnerabilities.

Auditing & Assessment

A Pentest is often a mandatory part of audits for a range of standards including ISAE or ISO 27001. A Pentest in the context of an IT assessment is aimed at meeting the requirements of standards frameworks. The report is immediately usable for an auditor to detect the flaws, identify gaps and apply immediate fixes.

Penetration Testing Methods

As a standard, three Pentest methods can be distinguished. These are known as black box testing, gray box testing and white box testing. None of these methods is considered the best; the right approach is chosen depending on your situation and after a consultation. Each variant has its own pros and cons and will produce slightly different outcomes. The right choice therefore depends entirely on the stage of development, network circumstances and past testing.

Black Box Testing

With a black box Pentest, the ethical hacker does not receive any information in advance, just like in real life. This way, the pentester can really take on the role of an opportunistic, uninformed hacker. Since the pentester has no advance information and is limited by time and budget, this test variant is usually the least thorough. The test is therefore often used when checking the general security of an application, network or system.

Gray Box Testing

With a gray box Pentest, some information is made available, for example the login details of an employee or customer, to check whether they can gain unauthorized access to data. With this technique, the pentester takes on the role of an informed hacker or malicious insider who already has some access to the system or application before starting the attack. Testing is therefore done from the user's perspective.

White Box Testing

With a white box Pentest, full disclosure is given in advance, such as network diagrams and source code. This allows the pentesters to perform the pen test very thoroughly. With this method, more complex and well-hidden vulnerabilities can be found.

The process of a Penetration Test

At DIGITPOL, a Pentest always starts with an interview, which we often do via a conference call or in person. During this interview the scope (framework) of the Pentest is defined, along with the object of the investigation and the methods we will apply. The budget, time frame and schedule are important. After the interview, we will send you a contract that details what we will do, the cost and the time frame; we can also sign an NDA. Once this has been established, the Pentest can start. This happens in three phases:

Reconnaissance

In the exploration phase, the ethical hackers start mapping potential entry points. This involves mapping the infrastructures and systems used and looking for low-hanging fruit. This is one of the most vital parts of the process.

Launch The Attack

After the exploration, the actual attacking of your applications, networks or systems begins. The ethical hackers try to find entry points and exploit vulnerabilities in order to penetrate your systems and steal sensitive data. Once the hacking starts, we detail every step and record our sessions, which are handed over in the final report.

Report the Findings

During the Pentest, the ethical hackers document all vulnerabilities and findings, which are classified according to a risk profile for your organization. This results in a clear and detailed report containing the most important conclusions and recommendations with which the security of your organization can be improved. This report is used to solve any issues found.

What is the difference between a pentest and a vulnerability scan?

The majority of a Pentest consists of manual tests performed by an experienced and specialized ethical hacker. Creativity and knowledge play an essential role in finding risks that would otherwise go unnoticed. If most of the Pentest is automated, this is called a vulnerability scan. In many cases, a vulnerability scan does not have the intelligence to discover vulnerabilities that deviate from known patterns. However, the scan can be useful to quickly find known security errors.

How does a pentest contribute to your organization?

In recent years we have seen that more and more companies have the need to subject their applications, networks or systems to a Pentest. Performing such a test can be a valuable addition to assess the level of your security and thus combat risks and vulnerabilities. Pen testing results in improvements that preventively make your organization safer and reduce risks.

Would you like to have a Pentest performed? DIGITPOL offers specialists who will approach your systems just as real cyber criminals would. The hackers from DIGITPOL are certified according to the highest standards.

What is a Penetration Test?

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. Penetration testing can include the attempted breaching of any number of application systems, endpoints, interfaces (APIs), backends of databases, servers, switches, routers, all with the aim to uncover vulnerabilities.

The final report of a penetration test can be used to fine-tune your WAF security policies and patch discovered vulnerabilities.
