Our services
Penetration Test
Our Penetration Test service is characterized by its realistic features in the simulation of a cyber-attack, by finding and identifying real vulnerabilities, and testing the defense systems of your organization.
We analyze and perform an extensive vulnerability exploitation of the organization's entire infrastructure, including network equipment, servers, workstations, and any other device connected to the network. This enables the improvement of the integrity, confidentiality and availability of assets.
Our professionals use the most advanced tools and techniques in the art of cybersecurity through the Ethical Hacking approach, in which we proceed from the viewpoint of an attacker whose main goal is to access confidential or sensitive information.
Why should you perform a penetration test?
-
Find vulnerabilities and repair them before an attacker finds them.
-
We work closely with the IT Department to determine the resources required for vulnerability mitigation.
-
We offer a second opinion on systems security.
-
International regulations, for example the PCI-DSS (Payment Card Industry Data Security Standard), require external audits regularly.
-
Revisar la seguridad de un software antes de su puesta en marcha.
Methods
We offer this service, depending on the client's requirements, in the following modalities
We work without information about the infrastructure we audit, exactly how an external attacker to the organization would perform.
We work with the entire information at our disposal. For example, programs source code and internal structure information.
This is an intermediate method between the ones described above, in which the client provides us with partial information.
- It prevents
» Loss of confidential information
» Business interruption.
» Financial loss due to fraud or defamation.
- Benefits:
» Risk reduction.
» IT security investment evaluation.
» Client associate and third-party protection.
- Stages of the audit:
» Information gathering
» Vulnerability Identification
» Exploit
» Privilege escalation
» Persistence
- Methodologies employed:
» OSSTMM
» OWASP
- Auditing Experience:
» Web and Mobile Applications
» Data services, such as SQL
» Payment System
» Corporate Networks
» Physical Security and Monitoring Devices (cameras, DVR, sensors)
» Network connection devices (routers, Wi-Fi access points, switches)
» Cloud Services (for example, Amazon and Azure)
» Container Technologies (Docker, LXC)