Offensive security often starts with a penetration test. Because we understand that you want to know if and where your organization is vulnerable. Of course, we look at what is important to you. Your crown jewels. It is the mission of our hackers to gain insight into the security status of your IT. And then translate that into clear insights and concrete points for improvement.
Approach and services
We carry out penetration tests on all kinds of IT components. From web applications and mobile applications to complete data centers. But we also do not turn back for factory automation and IoT.
Depending on the attacker perspective that is important to your organization, we receive the necessary information prior to the test. In blackbox penetration tests, we only need information to delineate the scope of the test. But if malicious users pose the greatest risk to your organization, we do greybox testing with credentials and/or additional documentation. We can also perform whitebox tests, in which we gain full insight into, for example, the source code or server configuration. We are happy to discuss with you which perspective best suits your organization.
But we do not stop at testing. Our hackers report the vulnerabilities in a clear report. So that it is clear to everyone what functional improvement points there are. And if you wish, we present the results at every level within the organization.
We have been carrying out penetration tests and providing IT security advice for more than 10 years. In the last 12 months alone more than 150 times. We do not go through lists and we do not tick off dots. We deliver custom work. For example, with our periodic Offensive as a Service. And we offer educational services like Capture-the-Flag hacking contests. Because only in this way can we deliver added value.
External Attack Surface
Through a penetration test on the external attack surface, we investigate how an attacker can gain access to your network. Examples of techniques are conducting phishing campaigns, testing WiFi networks, physically placing drop devices in the network, collecting open source intelligence and performing vulnerability scans on your external infrastructure.
Penetration testing on internal networks provides insight into the next steps of an attacker with access to the network. This can concern regular office automation networks, but also extra secure networks, such as those used for Supervisory Control and Data Acquisition (SCADA) systems or other Industrial Control Systems (ICS).
Penetration tests on individual applications provide an in-depth insight on the security level of (customized) applications. We provide advice on vulnerabilities in custom code, unsafe use of development frameworks and unsafe configuration of applications and underlying infrastructure. Think of penetration tests on web applications, APIs, mobile applications and Mendix applications.
Hardware and images
Are you launching your own Internet-of-Things (IoT) device, are you about to roll out new images for your workplaces, or do you want to periodically test your point-of-sale systems? We help you implement this in a secure way.
Offensive as a Service
With Offensive as a Service (OaaS) we provide a program in which we periodically perform testing activities. Whether you want to have the same environment tested monthly, choose to have a broad surface tested over several quarters or want penetration tests to match sprints, we cater to your needs.
A creative hacker sees potential opportunities for abuse everywhere. This makes it practically impossible to list all possible penetration tests. Do you have another issue that you would like a hacker to take a look at? We are happy to look at the possibilities together and what we can do for you.