Penetration test

Penetration test (IT-security assessment) — We will simulate the actions of attackers to break into your IT infrastructure and provide recommendations for ensuring a high protection level

Request a Proposal
Our Clients:
Penetration testing services

Penetration test is a simulation of an intruder's actions to penetrate the Customer's information system.

Thus, the penetration test allows you to identify vulnerabilities in the protection of your network and, if possible, to perform a demonstration hack.

For the successful implementation of the project, the following tasks need to be performed:
  • Gather information and perform scanning;
  • Create a list of penetration scenarios;
  • Exploit vulnerabilities;
  • Develop a list of practical technical and organizational recommendations;
  • Prepare a report.
Types of penetration testing

XRAY CyberSecurity conducts security assessments in the following areas:

External network penetration testing Pentesting, modeling external attacker
Internal network penetration testing Pentesting, modeling internal attacker

The objects of testing can be both the infrastructure as a whole or individual IT-systems and components:

With XRAY CyberSecurity - you will achieve more:
Pentesting experience: 200+ projects, 10+ years.
Pentesting experience: 200+ projects, 10+ years.
Positive customer feedback is our main argument!
Positive customer feedback is our main argument!
Qualified and certified pentesters.
Qualified and certified pentesters.
We don't sell security products - our recommendations are independent
We don't sell security products - our recommendations are independent.
The result of the pentest will meet your needs.
Improved methodology and tools for pentesting
Improved methodology and tools for pentesting.
Free retest within 2 months.
Free retest within 2 months.
We will offer the best approach to improving security.
We will offer the best approach to improving security.
When conducting a penetration test, we use our own methodology based on our experience and taking into account the approaches of leading standards and global institutes specializing in information security and cybersecurity:
ALT The Penetration Testing Execution Standard
ALT Open Web Application Security Project (OWASP) Testing Project
ALT OSSTMM - The Open Source Security Testing Methodology Manual
ALT A Penetration Testing Model (BSI)
ALT NIST SP 800-115 “Technical Guide to Information Security Testing and Assessment”
ALT ISACA IS auditing procedure «Security assessment–penetration testing and vulnerability analysis»
The result of our testing meets the requirements of:
ALT PCI Data Security Standard (PCI DSS)
ALT Resolutions of the NBU

If you need to conduct penetration testing due to additional requirements, such as external regulators or the parent company, please contact us to discuss

Get a consultation
Project stages
  • NDA signing
  • Clarification of project conditions, scope and limitations terms
  • Creation of a joint project workgroup
  • Rules of engagement signing by the Customer
  • Public information analysis
  • Basic network infrastructure analysis
  • Social networks analysis
  • Analysis of vacancies, resumes at HR websites
  • Analysis of tech-forums, etc.
  • Port scanning
  • Applications identification
  • OS and Services identification
  • Firewalls, IDS/IPS, Routers identifications
  • Vulnerability assessment (automated scanning and manual analysis)
  • Analysis of gathered information
  • Development of privilege escalation scenarios
  • Toolkits and Exploits preparation and modification
  • Brute-force wordlist preparation
  • Vulnerability verification and research
  • Password brute-force attacks
  • Identifying of interactions between application
  • Vulnerability validation
  • Evidence collection
  • New attack vectors identification
  • Recommendation development and negotiation
  • Providing of the report documents
  • Project debrief
Assessment results:
Existed vulnerabilities Penetration scenarios Disadvantages of ISMS processes Evidences
Business risks Cybersecurity strategic state Key improvement areas
Vulnerabilities elimination ISMS processes improvements To increase the cybersecurity protection level
The result of the security assessment project is the Penetration Testing Report, which consists of two parts: an Executive Summary and a Technical report.
Order a call
Report contents
Part 1: Executive Summary
  • 1. General information
    • 1.1 Intro
    • 1.2 Project scope
    • 1.3 Methodology and objectives
  • 2. Management report
    • 2.1 Key findings
    • 2.2 Business risks
    • 2.3 Cybersecurity strategic state
  • 3. Recommendations
  • 4. Conclusions
Part 2: Technical Report
  • 5. Technical report
    • 5.1 Information security vulnerabilities
    • 5.2 Scenarios, results and penetration evidences
  • 6. Recommendations
Appex 1 – Auxiliary data
    • 1.1 OSINT Results
    • 1.2 Scanning, exploitation results
    • 1.3 Compromised credentials
    • 1.4 Changes in information systems
*The report structure can be adapted to your requirements
Customer reviews
Contact Us