Penetration test

Penetration test (IT-security assessment) — We will simulate the actions of attackers to break into your IT infrastructure and provide recommendations for ensuring a high protection level

Penetration testing services

XRAY CyberSecurity will simulate different attacker types, depending on how much is known about the target objects

  • BlackBox — Zero Knowledge
  • GreyBox — Partial Knowledge
  • WhiteBox — Full Knowledge

The objects of testing can be either the infrastructure as a whole or individual IT systems and components

With XRAY CyberSecurity - you will achieve more
Pentest fulfills the requirements of ISO 27001, PCI DSS, SOC 2, HIPAA etc.
Free retest within 2 months.
Check our customers' reviews - our main argument!
Improved methodology and pentesting tools.
We don't sell security products - our recommendations are independent.
Certified pentesters – OSCP, BSCP etc.
15+ years of experience, hundreds of assessments.
Practical recommendations with clear instructions.
TESTING METHODOLOGY
The penetration testing methodology we use is based on 15+ years of experience, best practices, and leading standards in cybersecurity assessment:
  • NIST SP 800-115 “Technical Guide to Information Security Testing and Assessment”
  • The Penetration Testing Execution Standard
  • Open Web Application Security Project Testing Guide

If you need a Pentest taking into account specific requirements, for example, from counterparties or the parent company — contact us, we will handle it!

Pentest stages
Negotiations
  • NDA signing
  • Clarification of project conditions, scope and limitations
  • Service contract signing
  • Creation of a joint project workgroup
  • Rules of engagement signing
OSINT
  • Public information analysis
  • Basic network infrastructure analysis
  • Analysis of social networks, employees
  • Analysis of technical resources, forums, etc.
  • Search for compromised credentials
Enumeration & Scanning
  • Port scanning
  • Identification of services, applications and operating systems
  • Identification of network equipment and implemented security controls (WAF, IPS, IDS, etc.)
  • Automated vulnerability scanning
  • Manual vulnerability identification
Attack planning
  • Analysis of gathered information
  • Development of brute-force user lists and password lists
  • Vulnerability verification and research
  • Development of compromise & privilege escalation scenarios
  • Preparation and modification of toolkits and exploits
Exploitation
  • Password brute-force attacks
  • Vulnerability exploitation
  • Chaining vulnerabilities into attack scenarios to demonstrate the business impact of a compromise
  • Identification of application interactions and additional architectural or logical vulnerabilities
  • Identification of new attack vectors
Reporting
  • Development and negotiation of recommendations
  • Delivery of the report documents
  • Project debrief
  • Free re-test to check the elimination of vulnerabilities (within 2 months)
Pentest results
Findings
  • Existing vulnerabilities
  • Penetration scenarios
  • Shortcomings of management procedures
  • Evidence
Conclusions
  • Business risks
  • Cybersecurity strategic state
  • Key improvement areas
  • Certificate of pentest
Recommendations
  • Elimination of vulnerabilities
  • Improvements to management procedures
  • Increasing the overall cybersecurity level
The result of the security assessment is the Penetration Testing Report, which consists of two parts:
an Executive Summary and a Technical Report.
PENTEST REPORTING
Part 1: Executive Summary
  • 1. General information
    • 1.1 Intro
    • 1.2 Project scope
    • 1.3 Methodology and objectives
  • 2. Management report
    • 2.1 Key findings
    • 2.2 Business risks
    • 2.3 Cybersecurity strategic state
  • 3. Recommendations
  • 4. Conclusions
Part 2: Technical Report
  • 5. Technical report
    • 5.1 Cybersecurity vulnerabilities
    • 5.2 Scenarios, results and penetration evidence
  • 6. Recommendations
    • 6.1 Management recommendations
    • 6.2 Technical recommendations
  • 7. Appendix 1 – Auxiliary data
    • 7.1 OSINT Results
    • 7.2 Scanning, exploitation results
    • 7.3 Compromised credentials
    • 7.4 Changes in information systems
*The report structure can be adapted to your requirements
© 2011-2024 — XRAY CyberSecurity