Contact
UK - Headquarter
Staverton Court, Staverton, GL51 0UX Gloucestershire, United Kingdom
Menu
Penetration
Test
2.0
Critical vulnerabilities identified in different technological solutions, developed by large, medium and small companies, such as Google and Xerox
Vulnerability identified and registered by our team in the Common Vulnerabilities and Exposures (CVE)
+
0
Countries where we deliver Penetration Testing 2.0, for companies of different sectors and sizes
+
0
e-commerces analyzed, with critical vulnerabilities that allowed leakage of personal data and confidential information. As well as non-compliance with data protection laws
All organizations, regardless of their size and industry, are vulnerable to cyberattacks. Cybercriminals can carry out attacks against any type of technology, whether due to the nature of the data they store (personal, financial data, among others), with the aim of carrying out digital fraud, impacting a company's brand image or carrying out attacks of greater scale.
Based on this, we created our Penetration Test 2.0 product, which follows the steps below
Process Steps
01
Business
analysis
First, we carry out an analysis of the business(s), objective(s), expectation(ies), as well as information that may support a deeper technical analysis.
02
Information gathering with IO Leak - Data Monitor
With our solution IO Leak Data Monitor we look for vulnerabilities in the environment that could allow data leak, as well as other previously published data leaks that may support the vulnerability analysis process
03
Vulnerability
Analysis
Analyzes of vulnerabilities identified through IO Leak and other manual analyzes will be carried out by our specialists, excluding false positives
04
Exploitation
Based only on the vulnerabilities identified, they are explored, thus identifying the level of exposure of personal and corporate data and the respective cyber and privacy risks.
05
Privacy Assessment
In addition to identifying technological vulnerabilities, non-compliance with data protection laws and regulations is also identified and legal impacts are contextualized.
06
Report and correction support
A technical report and executive presentation are prepared and presented. As well as a close technical monitoring of the teams responsible for the correction will be carried out.
Some of our technical analysis
Web Applications
API
Infrastructure
Mobile Applications
IOT Devices
Type of tests
White Box
Realized with total knowledge of the asset(s) to be analyzed, such as logical topology, access credentials, interviews, among other details. Allowing to perform deeper and more detailed analyses.
Grey Box
Realized with little knowledge of the asset(s) to be analyzed, such as access URL, IP, read access credentials, among other superficial details.
Black Box
Realized without any knowledge of the asset(s) to be analyzed, only the company name or basic information is provided to limit the scope of the analysis.
The benefits
- Identify vulnerabilities that could allow personal and/or confidential data leak;
- List the vulnerabilities of a specific asset or the organization;
- Demonstrate the ability of a cybercriminal to impact the company's business;
- Test the effectiveness of implemented intrusion detection tools, if applicable, as well as the responsiveness of technical experts during an attack;
- Prevention of financial losses and digital fraud;
- Compliance with data protection laws and regulations.
