🇬🇧

Penetration Testing

Our consultants combine manual and automated testing with code reviews in order to achieve excellent coverage of your system under test. We generally perform our testing in a white-box fashion in order to ensure a cost-effective relationship with our clients.

The anatomy of a penetration test

Although the technical details vary depending on the system under test and the target of the test, the process is the same:

  • Scoping of the target and planning is done closely together with the customer. The scope can focus on very specific functionality to identify hard-to-find issues or be broad to cover common issues in a large attack surface. The scope and planning is tailored to the maturity of the system under test and the customer needs. Access and availability to systems and hardware are also considered.
  • Startup meeting is held with the customer to kick-off the testing, hand over access and any hardware or other information needed.
  • Information gathering and reconnaissance is performed to understand more about the system under test and to tailor the coming test.
  • Testing consists of multiple activities which can for example be discovery, scanning, vulnerability assessment, exploitation (post-exploitation), final analysis and review. This is when we challenge the system under test.
  • Reporting and presentation of the results are done with the goal to enable improvements of the customer's security. After the report is handed over to the customer, a debriefing presentation is held to showcase and discuss the findings with the customer and interested parties.

The goal of the penetration test is to make security easy and understandable for you and your colleagues, to be aware and take active decisions on improving security.

You will recieve a written report and a presentation during a debrief session detailing the findings, including risk rating and recommended actions for mitigation. We describe the tools used, how the test was performed and the reasoning behind the findings and the risks. Any useful scripts for testing can be handed over. The information we provide can be used to strengthen and improve the security posture of your assets.

Some of our customers use the testing outcome to learn and to improve their own security testing. If there are specific competence gaps we also offer trainings stretching from general introductions to hands-on hacking sessions with your developers and testing teams.

Get in touch to inquire about a penetration test with our experienced team.

Frequently Asked Questions

  • A penetration test is an authorized, simulated cyber attack on a computer system (embedded and vehicles included), network, or application. Most often the penetration testers are well informed of the system under test, has access to source code and are in contact with the systems' owners to provide correct and detailed results in a short time.

    A penetration test could have an element of physical presence at the customer's premises and could be performed with different levels of awareness, depending on the scope of the test.

  • Investing in cybersecurity through penetration testing is a way to protect business, customers and valuable data. For some companies and systems it is also about regulations and safety, to ensure operations for critical infrastructure, to reduce theft in financial systems or road worthiness of vehicles. A penetration test's primary goal is to evaluate the security of the system under test. This is done by identifying weaknesses (vulnerabilities) in the target's configuration and/or implementation.

  • It can be performed in several stages of the development and release cycles, for example when a new feature is implemented or a new system is about to be deployed. It all depends on the target, its life-cycle and applicable requirements. Penetration tests can also be performed on older systems to asses the security and clarify risks. Any vulnerabilities that are mitigated benefit from a verification test to confirm the solutions and investigate any new vulnerabilities or risks.

  • The outcome of a penetration test is, in addition to an extensive report, a better understanding of your security posture and expert recommendations on how to improve it.

    After a penetration test we offer verification tests to affirm mitigation of previously found vulnerabilities, as well as advisory services and training to improve the overall security.