- Email: info@sec4good.cz
- Myslivečkova 882, 250 92 Šestajovice, Czech Republic
Web application penetration testing, is a critical component of any comprehensive security strategy. This process involves simulating malicious attacks on a web application to identify potential vulnerabilities and security flaws. Unlike automated security assessments, penetration testing leverages both automated tools and human expertise to uncover issues that might be missed by automated scans. Our testers use various methods such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) among others to attempt to exploit security vulnerabilities.
The primary goal of web application penetration testing is to improve the security of your application. By identifying weaknesses and vulnerabilities, developers can address these issues and implement appropriate security measures to prevent future attacks. Furthermore, penetration testing can help organizations meet compliance requirements, such as those stipulated by GDPR or HIPAA, which require regular security audits. By providing a detailed report of findings, including the vulnerabilities detected, their severity, and recommendations for remediation, penetration testing offers a roadmap to enhance an organization's security posture.We use the OWASP methodology. When ordering the service, we agree on the scope, what is and is not subject to testing. We will then perform the actual test and evaluate it.
| Service | Price |
|---|---|
| Pentesting | €650 / day |
| Ethical phishing | €2,500 / campaign |
| Managed backups services | €650 / day |
How is your internal network? Do you have an overview of all the devices connected to it? Are you using strong passwords that can't be cracked?
This service will show you where an attacker can get to if they are connected to the internal network. Some attacks come from the internal network and are carried out by employees themselves. Often all it takes is a misconfigured shared drive, the incorrect practice of storing passwords in plain text, or not locking computers when leaving for lunch.
At the beginning, we will agree on the rules and scope. The test can be done remotely via VPN, remotely via a connected computer, or directly onsite. All these parameters influence the complexity and so the final price is always individual.
Do you have an overview of what is "flying" around you? All it takes is an unpatched wireless router connected to your network and an attacker within range can get right into your network. It's not always intentional, employees might just want to extend coverage into the parking lot...
We will check the settings of your wireless devices and try to connect to them. In the case of free hotspots, we'll see if they're really just connecting to the internet and not getting into the internal network.
Most often, customers are afraid to "let" an attacker into their network. But if the weaknesses are not detected by the pentester, sooner or later someone else will discover them. The cost of remediation will then be many times higher than the cost of the pentest.
What can we test? Today's IT is complicated, so there are many possible areas.
No information is provided to the tester in this test. The tester in this case acts as an unprivileged attacker, from initial access and execution to exploitation. This scenario can be considered the most authentic and shows how an adversary without insider knowledge would target and compromise the organization. Therefore, this test is the most costly and takes the longest time.
In this test, only limited information is given to the tester, usually login credentials. The test is useful for understanding the level of access that a privileged user might gain and the potential damage they might cause. The test strikes a balance between depth and effectiveness and can be used to simulate either an insider threat or an attack that has breached the network perimeter.
In most real-world attacks, the attacker will perform reconnaissance of the target environment, which will provide similar knowledge to an insider. Customers often prefer this test as the best balance between efficiency and authenticity, as it eliminates the potentially time-consuming reconnaissance phase.
In this test, the tester receives all network and system information, including network maps and passwords. This saves time and reduces costs. Penetration testing is useful for simulating a targeted attack on a specific system using as many attack vectors as possible.