We carry out an application level penetration test of the given web application.

Application level tests focus on typical application security errors (e.g. Cross-Site Scripting, SQL injection or Cross-Site Request Forgery) and application logic flaws in the authentication and authorization.
– Anonymous Testing (Black-Box)
In the course of an Anonymous test, no information is provided by the client regarding the application or the environment.
– User Level Testing (Grey-Box)
User Level testing assumes having been provided with test accounts to applications under review. The team acts as an authorised user attempting to gain illegitimate privileges on the system.

Our methodology aims to cover all aspects of mobile security, including issues of stored sensitive data (consider the case of physical theft of a victim device), protection of communication channels and the server side components of a mobile application infrastructure.

Typically a mobile application test includes the assessment of the server side of the application as well.

The external infrastructure level penetration test aimed at identifying vulnerabilities in your defenses that might allow an attacker to penetrate the network and potentially to either gain unauthorised access to internal applications and sensitive information, or to cause disruption to critical services.

This test does not include the security assessment of the identified (web) applications, but focuses only on the infrastructure level.

An internal penetration test is a security assessment from the standpoint of an internal employee with malicious intentions, or an attacker who has successfully gained access to an internal network endpoint.

During the assessment, we attempt to determine which vulnerabilities can be exploited within the client’s infrastructure and assess the impact of a possible exploitation.

This test does not include the security assessment of the identified (web) applications, but focuses only on the infrastructure level.