What is a penetration test?
Are you creating a website for new research project? Do you have a new server in lab and you don't know if it's secure enough? The purpose of penetration testing is to identify vulnerabilities in your systems so that you don't have to worry about security of your data. We use the same techniques as real hackers and therefore test your systems against real world attacks. Result of every penetration test is a written report with identified issues together with our recommendations on how to fix them.
Types of testing
Web penetration test
We provide manual penetration testing of web applications fortified by usage of industry-standard tools. We perform tests in accordance with the OWASP (Open Web Application Security Project) methodology.
First we have to agree on conducting the penetration test. In this phase we collect all the information we need to start testing - what addresses are part of testing, what parts of system are out of scope, what should we aim for or if the objectives are up to us etc.
2. Penetration test
In this phase the actual penetration testing can begin. If we find anything critical that cannot wait for the report, we will contact you. Otherwise, you won't know about the testing for the whole week (hopefully).
3. Initial report
After the testing is done, we write a report with all our findings, their level of importance and our recommendations on how to fix them/avoid them in the future. The report consists of both high level information about identified vulnerabilities and low level technical details for your developers and administrators.
We give you some time for fixing the issues and after some time we perform another test to check if the issues are really fixed. During this phase other issues might come up.
5. Final report
After all is done and retested, you get the final report with all the issues.
The testing itself can take up to one week. We also need a few days to complete written report. In case of retest we also need another week plus a few days for final report.
We only provide this service for subjects of Masaryk University. We don't perform testing of personal websites and for public subjects.
Are you interested in penetration testing, and would you like to know more? Do not hesitate to contact us using this non-binding form.