Applications are now a frequent target of cyber-attacks, whether from proprietary or ready-made solutions. Penetration tests carried out by our specialists will reveal any vulnerabilities in your application before someone else less friendly does!
Penetration tests are wide reaching and cover web, mobile (for Android and iOS) and network applications so you know your systems are safe.
There are three types of application pen tests that define their scope and time consumption:
We run those tests just as any outside attacker would - probing through any public access point to find a way inside. These tests can show you crucial weaknesses on the surface of your defence.
Building on a complete Black Box test, we use multiple, varied accounts such as Administrator, Moderator or any other role. These tests can secure your system from the malicious internal activity and show additional systemic vulnerabilities.
Our most advanced includes a full scope of Black and Gray Box tests. Here, our specialists have access to the application source code, so they can to test for deeply rooted vulnerabilities. By analysing technical documentation we eliminate design and logical errors in the application.
During web applications penetration tests we use OWASP TOP 10 (2017) methodology, additionally in White Box model we use OWASP ASVS 3.0/4.0 methodology to verify the correctness of implementation of specific application elements that impact security.
During pen tests of mobile applications, we use OWASP MSTG (1.1.2) methodology for mobile applications, additionally in White Box model we use OWASP MASVS (1.1.4) methodology to verify implementation correctness of specific security-related application elements.