Penetration Testing

Web and server/desktop application penetration testing

Web and server/desktop application security testing offered by dots. is carried out and documented according to OWASP (Open Web Application Security Project) and other relevant guidelines.

Testing is done in multiple phases and usually entails the following as a minimum: 

  • Information gathering,
  • Application structure and functionality enumeration,
  • Configuration and deployment,
  • User identity management,
  • Authentication mechanism(s), 
  • Authorization schema, 
  • Session management, 
  • Data input validation (i.e. injection vectors),
  • Use of cryptography where applicable, 
  • Business logic verification,
  • Client-side vulnerabilities (e.g. XSS).

IT Infrastructure penetration and/or security testing

We perform penetration testing of IT network infrastructure (LAN/WAN/WLAN). Internal and/or external networks can be tested, including Wi-Fi.

Internal LAN security testing can also be performed on premises or through a VPN (we have access to the network). In this scenario we can simulate potential threats that could be carried out by your employees.

Mobile application penetration testing

We can run penetration tests of applications for the Android and iOS platforms. Testing mobile applications is highly recommended, as they are widely used and are an important target for hackers.

Testing Options

Black-Box penetration testing - Black-Box testing can be executed on your IT infrastructure and/or application. In this scenario our testers act as an outside attacker without any knowledge of the target ("victim") system except what is publicly available.

Gray-Box penetration testing - In Gray-Box testing, our testers have some official information about the system, environment or application, for example full or partial architecture information or access to an internal account. In this scenario we focus more on how potential threats can be exploited if an attacker already has access to your system.

White-Box penetration testing - The next level after Gray-Box testing. The tester has all information and documentation about the target system, including source code (if the target is an application).

Let's protect.

We are happy to share our knowledge, experience and expertise. Let us know what you need, and we will contact you directly.