Security audit
A security audit (penetration testing) is a controlled exercise that looks for weaknesses in your systems. Our specialists examine your infrastructure or application the way a hacker would, pinpointing possible entry points.
We specialize in two testing approaches
Timeline & deliverables
A typical engagement runs 2–4 weeks. You receive a clear report and practical security recommendations. Once you have fixed the issues, we retest to confirm everything is secure.
We specialize in two testing approaches
- Black-box: testers rely only on publicly available information - exactly what an outsider would see.
- Gray-box: testers receive limited insider details, such as a user login or a brief system overview, to simulate an attacker with partial access.
Timeline & deliverables
A typical engagement runs 2–4 weeks. You receive a clear report and practical security recommendations. Once you have fixed the issues, we retest to confirm everything is secure.
Blackbox testing - an assessment method for infrastructure or software in which the tester has no access to source code and no insight into the system’s internal architecture.
We receive only the target’s IP addresses or domain names; from that point we act as external attackers - gathering open information and attempting to breach the defences.
We receive only the target’s IP addresses or domain names; from that point we act as external attackers - gathering open information and attempting to breach the defences.
Graybox testing - an assessment approach in which the tester receives limited knowledge about the target system. This may include user credentials for a web application, or select details about the software stack and infrastructure architecture.
For web-application engagements, we typically work with standard user-level access only, simulating an attack launched from a legitimate account.
For web-application engagements, we typically work with standard user-level access only, simulating an attack launched from a legitimate account.
Whitebox testing - also called structural testing - entails a detailed review of source code. The tester has full code access and can examine logic, algorithms, and architecture.
We generally do not perform white-box assessments, focusing instead on black-box and gray-box methods.
We generally do not perform white-box assessments, focusing instead on black-box and gray-box methods.
Depending on your goals, we assess:
- Servers - mail, file-sharing, directory, web, and other critical services
- Employee workstations
- Whole networks
- Public websites
- Web applications
- Mobile apps
Our standard tests identify vulnerabilities without impairing normal operations. If you need a more realistic scenario, we can discuss - and explicitly agree on - the acceptable level of impact, up to and including controlled destructive exploits.
Testing duration varies with the size and complexity of your system. For standard websites and small web applications, the engagement typically lasts 2–4 weeks.
Pricing depends on the scope of work. As a guideline, a baseline assessment of a simple system or infrastructure starts at $5000.
Check your organization
Order an independent audit to ensure that hackers have no chance to compromise your digital assets.
