Find & Fix Your Vulnerabilities Before Hackers Exploit Them
What Happens When You Contact us
Our Penetration Testing Services Help you Prevent Costly Incidents
Network Penetration Testing
Internal, External, Red team, Vulnscan, Firewall audit, etc.
Webapp, Website, API, SaaS, Mobile App (IOS/Android) etc.
AWS, Microsoft Azure & Google Cloud, PaaS, IaaS, etc.
SCADA / ICS Penetration Testing
Industrial Networks • Segmentation IT/OT • PLC Controllers • IOT • etc.
Advanced Phishing Campaign • Targeted Phishing • etc.
IoT / Smart Devices
Retail • Medical • Transport • Hospitality • etc.
We Provide Quality Reports That Fix Your Vulnerabilities
Executive summary presenting the main findings, recommendations and risk management implications in a clear and non-technical language.
Technical details required to properly understand and replicate each vulnerability (e.g.: screenshots, HTTP requests/responses, etc.). Recommendations to mitigate and fix the identified vulnerabilities
At the end of the project, you will be provided with an attestation certifying that penetration tests have been performed by experienced professionals using recognized methodologies and standards. This document will allow you to meet compliance and regulatory reporting requirements efficiently and with minimal overhead.
Frequently Asked Questions
The price of a penetration test varies significantly based on several factors. For this reason, there is no established price range for this type of assessment. Each project is tailored to your objectives and the size of your technological environment. Because of the unique nature of each environment, the scope must be determined before the cost can be established.
Here are the main factors that can affect the cost of a penetration test:
- Scope of the project. (Nb. of targeted IPs, Nb. of features in the app, etc.)
- Performed in a production or development environment.
- Type of test. (Network, Application, SCADA, etc.)
- Testing approach. (Automated or manual approach)
- Objectives. (Compliance, best practices, etc.)
Conducting a penetration test with certified professionals is one of the main requirements requested by third parties for security compliance (partners, insurers, etc.), as well as regulatory standards such as PCI-DSS or SOC 2.
Our services will provide evidence, through a technical report and an official attestation, that you’ve conducted a professional penetration test with a recognized and independent supplier.
Our Pentest reports have helped hundreds of organizations across all industries to successfully meet security requirements (insurers, partners, providers, etc.).
Absolutely! Retests are included in all of our pentests at no additional charges. We will retest the vulnerabilities identified during the initial test to validate the implementation of our recommended corrective measures. We also provide an attestation, an official document certifying that pentests have been performed by certified professionals and that previously identified vulnerabilities have been successfully fixed.
This will allow your organization to meet regulatory compliance requirements, or to comply with third-party requests, while ensuring that no additional vulnerabilities have been introduced during the implementation of the corrective measures.
Here are some common use cases for a pentest:
- As part of the development cycle of an application. (To test the security of a new feature/app)
- To comply with security requirements. (3rd-parties, PCI, ISO27001, etc.)
- To secure sensitive data from exfiltration.
- To prevent infections by malware. (Ransomware, spyware, etc.)
- To prevent disruptive cyberattacks. (Such as denial of service)
- As part of a cybersecurity risk management strategy.
Reach out to a specialist to find out how early your project could kick-off.
The time required to successfully execute a penetration test depends on the scope and type of test. Most penetration tests can be performed within a couple of days, but some can span over several weeks, sometimes even months depending on the complexity of the project.
Generally, we are able to provide a proposal within 24 to 48 hours after receiving the scope. If your project is time-sensitive, we can provide a proposal within a shorter delay.
The impact of our tests can rarely be perceived by our clients, as we limit the use of tools that could for example cause down times or pollute the database. Various steps are also taken over the course of the project to prevent the potential impact of our tests on the stability of your technological environment and the continuity of your business operations.
For this reason, a communication plan will be put in place at the beginning of the project to prevent and mitigate any potential impact. A representative of your organization will be identified to act as the main point of contact to ensure rapid communication in the event of a situation directly impacting the conduct of your daily operations, or if any critical vulnerabilities are identified, for which corrective measures need to be implemented quickly.
We Use Manual Testing Methodologies
- Open Web Application Security Project (OWASP)
- Open Source Security Testing Methodology Manual (OSSTMM)
- MITRE ATT&CK Penetration Testing Framework
- NIST SP 800-115 Technical Guide to Security Testing
- Penetration Testing Execution Standard (PTES)