Manual Penetration Testing
During this step we provide you with a questionnaire that helps us to get an overall picture of your product. Questions include but are not limited to the following list:
- What is the surface of the testing?
- What are the expectations?
- Blackbox or Whitebox?
- Who are the Contacts?
- What is the Schedule? and so on.
Defining the testing scope
Based on the data collected in the first step we craft a penetration testing plan. The plan includes phases with estimated action items.
The scope structure includes attack vectors, detectability, technical impacts, business impacts, etc., allowing clients to choose the best valuable combination of tests. Such a plan helps the parties to meet expectations and track progress.
Manual penetration testing
For each client we select and configure a set of tests and tools based on the needs and according to the plan. Once all preparations are done, our security experts start manual penetration testing.
It's a recurrent process that begins from detecting the most critical issues. Testing is performed according to the schedule and only on the allowed environment.
Depending on the agreement, found issues are reported to the client immediately or in a summary report. The report has the following structure: executive summary, general recommendations, attack narratives, detailed results, etc.
All identified vulnerabilities and recommended corrective methods are listed in this report. A follow up call can be made if needed.