Penetration testing (aka. pentesting) is a security exercise where a security expert attempts to find and exploit vulnerabilities in a computer system. This simulated attack aims to identify weak spots that cyber-criminals could take advantage of.
A penetration test can be delivered in different flavors. The difference lies in the amount of information provided, which the client shares with the pentester. The flavors are either black-box (no information), grey-box (some information), or white-box (all the relevant information, incl. configurations, source code, and diagrams).
The most common use cases are:
Together with the client's project team to discuss and finalize the scope.
According to the offer and the details from the kick-off meeting, we test the customer's systems for vulnerabilities.
We write a detailed report, including a management summary, clear explanations for all findings, and remediation measures.
Together with the customer's project team, we discuss the report and all findings in detail.