Penetration Testing

What is penetration testing?

A penetration test, also called a pentest, is an authorized simulated attack exercise conducted by our qualified security expert, who attempts to find and exploit vulnerabilities in a computer system. The testing is a manual process supplemented with automated tools to identify vulnerabilities from outside or within the network. Acting independently, our expert performs the ethical hacking with little or no prior knowledge of the system or the application, so that the exercise is close to a real-life situation. The purpose of the pentest is to assess the security posture of your environment and produce recommendations to mitigate any potential cybersecurity risks.

When do you need a penetration test?

Besides meeting compliance needs (such as PCI DSS, HKMA CFI), a company may want to use a pentest to check the effectiveness of its existing security controls against an active, skilled human attacker. We recommend performing a pentest once a year, or as and when needed in situations including but not limited to:

  • Adding new network infrastructure or applications

  • Making significant upgrades to infrastructure or applications

  • Establishing an office in a new location

  • Applying security patches

  • Validating new controls post security incident

Our Methodology

During the planning phase, we define the scope, the objectives and the success criteria of the pentest together with our clients. Moving to the reconnaissance phase, we spend time gathering data and information to prepare for the testing. We use a variety of commercial and open source tools and technical skill sets to identify any potential vulnerabilities and attempt to exploit them. A risk analysis is then performed, considering both the probability of a threat event given a vulnerability and the adverse impact of a successful exploitation on business operations or on the confidentiality, integrity and availability of the data.

Our penetration testing methodology builds on Open Source Intelligence (OSINT) and the Open Web Application Security Project (OWASP).

  • Planning

  • Reconnaissance

  • Vulnerability Identification

  • Vulnerability Exploitation

  • Risk Analysis

  • Reporting

Our Deliverables

  • A presentation (either remote or physical) of findings.

  • A final report that includes an executive summary, scope, findings, evidence and recommendations.

  • A retest can be offered after remediation (optional).

Contact Us

Pentastic Security Limited

11/F Admiralty Centre Tower 2

18 Harcourt Road, Admiralty

Hong Kong

Tel: +852 5608 0238

Email: info@pentastic.hk

Copyright 2020 @ Pentastic Security Limited.