What is a pentest?
In a penetration test, also known as a pentest, our ethical hackers use all kinds of tools to gain access to your systems, websites and/or individual devices by exploiting vulnerabilities. Only systems that were determined in the preliminary assessment are included in the pentest.
No situation is the same. Our ethical hackers’ expertise makes the difference between finding “standard” vulnerabilities and vulnerabilities that are unique to your situation.
Besides automated scanners, we specifically use our pentesters’ expertise. They will personally try to penetrate your application or network. Which ports are open, what information can be extracted from them, and do exploits exist for the software in question? Programming mistakes, rights checks, and the possibility of taking over sessions are all part of the testing process. The websites/applications are always checked via the OWASP 2017 method. This means that the web application will be tested for the 10 most important types of vulnerabilities.
Get hacked by appointment
The scope of the research is determined together with our team. Depending on your wishes and expectations of the test, our security consultants can do the test on location. After the test is complete, you will receive a clear report in which we indicate the exact vulnerabilities, with proof, and how to solve them.
A penetration test can be done at various moments, for example when you have installed a new application or system. Periodically testing your systems to preemptively check and improve your security is also possible.
Why a pentest?
A pentest provides insights with which an organisation can strengthen its information security. For example, it can map the vulnerabilities of a new server, web application or website. In other cases it can be valuable to get a good picture of the organisation's overall security level.
Be one step ahead of hackers
Maintain control over digital infrastructure
Advance compliance (GDPR, ISO27001)
Our ethical hackers have years of experience in the field of cyber security. Networking4all distinguishes itself with all-inclusive service and guidance during the project. The scope, the approach and the objectives of the pentest are determined in advance for optimal results. Our reports are written in simple and understandable language.
Read more about our reports on our blog.
• Professional ethical hackers with 5+ years of experience
• Penetration Testing As A Service
• Advice for determining the research question
• Optimal guidance from start to finish
• Customer-friendly reporting
• Presentation/recommendations on location possible
How long does a pentest take?
This depends on the scope of the pentest. Each website/infrastructure is different in size, functions, etc. The time required, including the report, is based on the scope.
How thorough is a pentest?
The pentest is adjusted to the client’s wishes. Should the client want a short pentest on one URL, then this is tested for several vulnerabilities. We work thoroughly and never blindly trust a report by an automatic scanner. We prefer to test everything by hand, because this lets us see more and test more thoroughly than a scanner may be able to.
What is the preliminary stage of a pentest?
Signed waiver (plus a possible NDA)
Inform all the parties of the pentest
Create a backup before starting the pentest
Provide a VPN connection or IP whitelisting
If needed, make test accounts available
Preferably use a test environment, such as an exact copy of the live environment, so that the live environment is not interrupted during the pentest
Our site is in the cloud, is a pentest still useful?
A pentest is also useful if the site is in the cloud, as vulnerabilities can also occur on a website in the cloud. For example, certain software/plugins in the cloud should be updated by the host. However, there can be malicious plugins that make you vulnerable.
My organisation has confidential data. Are these safe with a pentester?
All data (such as screenshots, login data, etc.) that are gathered by the pentester/ethical hacker during the test are destroyed after completion of the report. Naturally, we handle your data confidentially. These are published in the report only at your request.
What happens to the results of a pentest?
A report is made of the results of the pentest. Next, a presentation with recommendations is given by our security consultants at the location of the client. The report is saved in a secured environment in combination with two-step authentication, which can only be accessed by members of the security team. The report is saved for 18 months, unless you request us to delete the report. Finally, the report is encrypted and sent digitally. The results are relevant at that specific time. A second pentest can be requested the next quarter, the results of which will be used to update the existing reports.
What is the difference between a pentest and a web application scan?
A pentest dives a lot deeper. A pentest is the most extensive way to test your environment for vulnerabilities. Pentesters search for vulnerabilities both manually and automatically, applying human insight. This gives us better results than an automatic scan. Pentesters use various creative attacking techniques and different methods and tools than a web application scan. The web application scan is one component, a tool used within the full pentest process.
A web application scan checks for vulnerabilities with a completely automatic process on the basis of known security issues. These scans check, for instance, for malware, the OWASP top 10, and outdated server software. It is an affordable service/tool for discovering known vulnerabilities. However, due to missing intelligence, it may not detect divergent patterns or behaviour.
What are the characteristics of a good pentest(er)?
When a pentest is mostly automated, it is usually not a good sign. Important to note are the experience and knowledge of a pentester and certifications such as CEH/OSCP/OSWE, which are signs of expertise, know-how, competence, perseverance, and creativity. Of course, a certificate of conduct should not be forgotten either.
Our pentesters are qualified and are regularly in the Dutch top 10 Hack The Box list. Additionally, several of our employees work in the cybercrime division for the national police force.