Penetration test

Penetration test (IT-security assessment) — We will simulate the actions of attackers to break into your IT infrastructure and provide recommendations for ensuring a high protection level

Penetration testing services

A penetration test is a simulation of an intruder's actions to penetrate the Customer's information system.

Thus, the penetration test allows you to identify vulnerabilities in the protection of your network and, if possible, to perform a demonstration hack.

For the successful implementation of the project, the following tasks need to be performed:
  • Gather information and perform scanning;
  • Create a list of penetration scenarios;
  • Exploit vulnerabilities;
  • Develop a list of practical technical and organizational recommendations;
  • Prepare a report.
Types of penetration testing

XRAY CyberSecurity conducts security assessments in the following areas:

  • External network penetration testing (pentesting, modeling an external attacker)
  • Internal network penetration testing (pentesting, modeling an internal attacker)

The objects of testing can be either the infrastructure as a whole or individual IT systems and components:

With XRAY CyberSecurity - you will achieve more:
Pentesting experience: 200+ projects, 10+ years.
Positive customer feedback is our main argument!
Qualified and certified pentesters.
We don't sell security products - our recommendations are independent.
The result of the pentest will meet your needs.
Improved methodology and tools for pentesting.
Free retest within 2 months.
We will offer the best approach to improving security.
TESTING METHODOLOGY
When conducting a penetration test, we use our own methodology based on our experience and taking into account the approaches of leading standards and global institutes specializing in information security and cybersecurity:
  • The Penetration Testing Execution Standard
  • Open Web Application Security Project (OWASP) Testing Project
  • OSSTMM - The Open Source Security Testing Methodology Manual
  • A Penetration Testing Model (BSI)
  • NIST SP 800-115 “Technical Guide to Information Security Testing and Assessment”
  • ISACA IS auditing procedure «Security assessment–penetration testing and vulnerability analysis»
The result of our testing meets the requirements of:
  • PCI Data Security Standard (PCI DSS)
  • ISO/IEC 27001
  • Resolutions of the NBU

If you need to conduct penetration testing due to additional requirements, such as those of external regulators or the parent company, please contact us to discuss.

Project stages
Negotiations
  • NDA signing
  • Clarification of project conditions, scope and limitations
  • Creation of a joint project workgroup
  • Signing of the rules of engagement by the Customer
OSINT
  • Public information analysis
  • Basic network infrastructure analysis
  • Social networks analysis
  • Analysis of vacancies and resumes on HR websites
  • Analysis of tech-forums, etc.
Scanning
  • Port scanning
  • Application identification
  • OS and service identification
  • Firewall, IDS/IPS and router identification
  • Vulnerability assessment (automated scanning and manual analysis)
Planning
  • Analysis of gathered information
  • Development of privilege escalation scenarios
  • Preparation and modification of toolkits and exploits
  • Brute-force wordlist preparation
Exploitation
  • Vulnerability verification and research
  • Password brute-force attacks
  • Identification of interactions between applications
  • Vulnerability validation
  • Evidence collection
  • Identification of new attack vectors
Reporting
  • Recommendation development and negotiation
  • Delivery of the report documents
  • Project debrief
Assessment results:
Findings
  • Existing vulnerabilities
  • Penetration scenarios
  • Shortcomings of ISMS processes
  • Evidence
Conclusions
  • Business risks
  • Cybersecurity strategic state
  • Key improvement areas
Recommendations
  • Vulnerability elimination
  • ISMS process improvements
  • Increasing the cybersecurity protection level
The result of the security assessment project is the Penetration Testing Report, which consists of two parts: an Executive Summary and a Technical report.
Report contents
Part 1: Executive Summary
  • 1. General information
    • 1.1 Intro
    • 1.2 Project scope
    • 1.3 Methodology and objectives
  • 2. Management report
    • 2.1 Key findings
    • 2.2 Business risks
    • 2.3 Cybersecurity strategic state
  • 3. Recommendations
  • 4. Conclusions
Part 2: Technical Report
  • 5. Technical report
    • 5.1 Information security vulnerabilities
    • 5.2 Scenarios, results and penetration evidence
  • 6. Recommendations
Appendix 1 – Auxiliary data
    • 1.1 OSINT Results
    • 1.2 Scanning, exploitation results
    • 1.3 Compromised credentials
    • 1.4 Changes in information systems
*The report structure can be adapted to your requirements