Penetration Testing Service (Pentest)

Find vulnerabilities across your entire business infrastructure before hackers do! During a penetration testing consultation, we will select pentest methods and other custom cybersecurity recommendations for your business.

What is pentest?

Penetration testing as a service is a simulation of a hacker’s actions in order to identify vulnerabilities and assess the security of both external and internal information systems.

Our pen testing specialists detect all kinds of attack vectors that hackers use to gain unauthorized access and break into computer systems.

Our penetration testing as a service gives you the opportunity to see your security system through the eyes of a hacker already during the pentest, so you will be fully prepared to prevent a real hacker attack.

Protect yourself with security penetration testing.

Pentest vs hacker attack

How do our pen testing services work?

A hacker tries to hack your system with malicious intent, but a pentester tries to hack your system for the purpose of protection.

One of the goals of hacking attacks that penetration testing companies are fighting against is to illegally take control of information systems.

Hackers prey on sensitive information: personal data, credentials from work and financial accounts, innovative developments, intellectual property, and anything that can bring mainly financial or economic gain.

Pen testing in cyber security is needed to identify vulnerabilities in a system that can be used for attacks of different vectors, thereby minimizing the chances of a successful attack.

WHAT IS PENTEST NEEDED FOR?

Pen testing is necessary to identify vulnerabilities in infrastructure, networks, systems and software before these vulnerabilities are discovered by attackers.
Without regular pen testing, a company may be exposed to various risks as a result of hacker attacks, such as: direct financial losses (theft of money from accounts, lost multimillion-dollar lawsuits, lawyer costs), indirect financial losses (inability to conduct business due to non-functioning systems or networks, leaks of personal data, theft of intellectual property), reputational losses, etc.

PENETRATION TESTING AS A SERVICE (PTAAS) STEPS:

// step 1

PENETRATION TEST INITIATION

At this stage of pen testing, the NDA and agreement are signed, and working meetings are held to clarify the legal framework, the goals and timelines of manual and automated pen testing, the work plan and scoping, as well as the testing method (white-box, gray-box or black-box) and the extent of exploitation of the detected vulnerabilities. For example, if you need web application pen testing, the cost of penetration testing as a service will depend on the scope and complexity of the website.

// step 2

RECONNAISSANCE AND OSINT

We collect and analyze information from online search engines and public sources such as social networks, blogs and forums. We investigate and find e-mail addresses, usernames, associated accounts on external resources and other data that, with certain agreed testing methods, can play a key role in the further successful completion of pentest work.
Also at this stage, we perform a reverse DNS lookup, scan ports, analyze traffic, find subdomains, determine the technologies used, etc.

// step 3

Threat Modeling

At this stage, we identify targets and potential attack vectors, as well as conduct an in-depth analysis of the data obtained during the reconnaissance and OSINT stage, and structure probable threats into: internal (employees and management, partners and suppliers) and external (web applications, open ports, network protocols and traffic).
Also at this stage, we use automatic scanning tools, in particular, our own development – the CryEye platform, after which the results are processed and analyzed, followed by planning and modeling of further actions.

// step 4

Exploitation

After a thorough analysis and validation of all previously obtained results, we determine the possibility of further exploitation of confirmed vulnerabilities.
Then, in accordance with the previously agreed permitted degree of exploitation, we simulate a real attack from a potential hacker.
Depending on the needs of the customer, such attacks can be carried out as: attacks on web applications, networks or Wi-Fi, hardware, social engineering, zero-day vulnerabilities, etc.
When exploiting vulnerabilities, we are guided by technical knowledge, professional experience and intuition, which, combined with manual penetration testing techniques, allows us to identify the maximum number of critical vulnerabilities and minimize the risks and possible consequences of cyber attacks.

// step 5

RISK ANALYSIS, RECOMMENDATIONS, CLEARING TRACES

Based on the pentest results, we, being among the best penetration testing companies, perform a risk analysis, structure the detected vulnerabilities and develop recommendations on how to fix them.
After that we remove temporary files, created accounts, elevated privileges and other traces of infrastructure or application pen testing, returning the system to its original configuration, or pass information about any significant changes to the customer.

// step 6

Report

At the final stage, we provide a detailed structured report on the methods used to identify vulnerabilities and exploit them, evidence in the form of data obtained by us, steps to reproduce and screenshots.
The report will also include our suggestions for improving the existing security system to protect your company from cybercriminals.

Security Audit Reports

Example reports are available for mobile devices, internal network and web applications. Enter your contact information and we will send you examples of our reports.

There are three types of pen testing

White/black/gray box testing

Black box

During Black Box testing, you only provide us with your company name or your website address, and do not provide any additional information about your system’s IT infrastructure, IP addresses, etc. In this case, we find out all the additional information we need on our own. The advantage of this method is that it simulates a real situation with an attack by a hacker. The disadvantages of the Black Box method include the fact that it does not allow you to fully assess the security of your company, since the attacker, as a rule, conducts long-term preparations and reconnaissance. A pentester, unlike a hacker, is limited by rigid time frames.

White box

White Box penetration testing as a service is the complete opposite of Black Box. In this type of testing, you provide us with all the necessary data about the infrastructure, including administrative access to all servers and other information related to the test object. At the same time, your security team is also aware of the pen testing, and testing is more like an independent audit. The advantage of the White Box is the most complete and comprehensive approach to testing that allows you to detect the maximum number of vulnerabilities, since the pentester does not spend extra time collecting information about the object and focuses fully on the testing process itself. As a drawback, we can note the fact that white box testing is the least close to a real hacker attack.

Gray box

When testing with the Gray Box method, you tell us only some of the initial parameters of the test object. At the same time, in order to reduce the time of testing and to best direct our efforts, we may periodically request additional information from you that is necessary during the testing process.
The Gray Box penetration testing as a service combines the advantages of White Box and Black Box, while maintaining a fairly close resemblance to the actions of a real hacker.

External Penetration Testing

External penetration testing as a service evaluates the effectiveness of the company’s external security perimeter: detection, control and prevention of cyberattacks, and vulnerability detection in resources accessible from the outside network (web application penetration testing, testing of websites and web servers, FTP servers, email servers, etc.). CQR compares favorably with the external penetration testing companies, and has innovative pentest technologies, which you will learn about at the consultation.

Internal Penetration Testing

The purpose of the internal penetration testing as a service is to check a company’s protection against cyberthreats in case a hacker gains access to its internal network. It also evaluates the possibility of systems being compromised by malicious employees and as a result of unintentional or careless actions by company personnel.

Wi-Fi hotspot testing

This type of work will also be of interest to those who want to check the security of their Wi-Fi access points and wireless data transmission technologies.

Active Directory Audit and Pentest

In addition to pentests, CQR specialists conduct Active Directory audits using their own methodology and an individual approach to building an attack plan.

Our cyber security certifications

Offensive Security Certified Professional Certification
Offensive Security Web Expert Certification
Offensive Security Exploitation Expert Certification
Systems Security Certified Practitioner Certification
Information Technology Certifications
Certified Ethical Hacker Certification
Certified Ethical Hacker Master Certification

Our experts regularly take certifications and trainings in cybersecurity. We use unique methodologies and full automation to identify vulnerabilities using the CryEye engine which includes more than 1500 audits.

Interesting to know

1. All our pentests are carried out exclusively according to our private methodologies, which are completely dependent on technologies and services for the target specified in the scope.

2. In all projects, we use full automation and manual work of our specialists, thereby covering all possible vulnerabilities in the system from different angles.

3. It is worth considering that each of our audits is carried out exclusively using our development – CryEye – the product developed by our company. This is a complete, automated and multifunctional platform for managing projects and finding all possible technical vulnerabilities in them, which can be covered using the tools built into CryEye.

PENTEST OPTIMIZATION THROUGH AUTOMATION

CRYEYE

Our CryEye platform gives huge advantages in penetration testing by expanding the definition of possible attack vectors. By following integrated methodologies, CryEye covers all potential vulnerabilities that can be detected automatically, which saves time for specialists, allowing them to focus more on finding more complex vulnerabilities through manual analysis.
