What types of PT’s we perform?
Black Box Testing
Simulates a skilled attack, using techniques and tools to reveal vulnerabilities, potential exploitation damage and severity. The process covers a wide range of application-level vulnerabilities as defined by OWASP and WASC.
Gray Box testing
Uses automatic and manual tools to access the system’s internal structures and code. In this process, a highly experienced auditor simulates a real skilled attacker in a Black Box test combined with a White Box test, seeking insecure code which can put the application in jeopardy. It’s a full system inspection, both from the developer’s and a malicious hacker’s perspective. It covers a wide range of vulnerabilities and enumerates potential risks to a given system.
This is an in-depth analysis of the application’s code aimed at detecting security issues by inspecting the actual code to find security bugs, reveal hidden backdoors, and explore the system’s vulnerabilities. The test will attempt to find weaknesses, where often the culprits are insufficient secure coding policies, business logic flaws, internal structure and system design.