Why get a Penetration Test?
Penetration testing is designed to expose any vulnerabilities in your defence before it’s too late. We work with HackerOne’s team of experienced and Offensive Security Professional (OSCP) certified experts who conduct the test to provide insight in vulnerabilities in your IT environment or web application.
Our Penetration Test report provides a clear rating of findings based on the industry standard Common Vulnerability Scoring System (CVSS3), and reports containing reproduceable results, evidence, risk assessments and actionable advice.
How does it work?
Security experts from HackerOne will work with you to determine any specific research questions and the right scope for the penetration test. Besides this we use industry standards such as the Open Web Application Security Test (OWASP) testing guide and the MITRE attack framwork as the basis for our tests. This ensures that any relevant vulnerability will be exposed.
Part of the scope is the degree of depth. In a blackbox test, trained professionals investigate which vulnerabilities a malicious person can exploit without any prior knowledge. In a graybox test, the professionals conducting the test has the same access rights as a normal user of the system. In a whitebox test, the source code and configuration of your systems also get examined.
The result of a penetration test is an in-depth report. For each finding, we determine the risk of vulnerability using the CVSS 3.0 methodology – this helps you to prioritize the outcomes.
We provide each finding with a detailed description that allows your specialists to reproduce our results and with advice on how to correct the vulnerability.
We can perform the Penetration Test once or periodically to ensure your defence is secure.