Application Assessment | Penetration Test
Let a skilled attacker assess your application hands on.
In our application assessments, we use security tools together with manual analysis to find holes in an application.
How does it work?
In a typical application assessment, a human drives the process of trying to simulate the steps an attacker might follow to try to break into a system. This may include automated scans, but in all cases requires a person to evaluate results and review them for false positives. It will also include manual testing that attempts to exploit common problems.
The output is a report enumerating security issues identified with expected remediation steps.
Pros and Cons
The main benefit of a penetration test is that it looks at your system the way an attacker would. It is a fast way to gather information about the vulnerabilities in your system.
The drawback of penetration tests is that they only capture a point in time, are limited by the skill of your tester, and don't leave a particular legacy of knowledge to build on. Additionally, in a black box pen test, the tester does not have access to source code and cannot therefore make context specific remediation recommendations.
Who should be interested?
Organizations wishing to put their applications through hands on testing or with compliance requirements to do penetration test will benefit from an application assessment / penetration test.
Some organizations may have regulatory reasons to complete an application penetration test.
What does it cost?
An application assessment/penetration test can typically be done in week of consulting.
Jemurai provides a number of security services, including pure manual security code review, security architecture review, application scanning and testing and can engage with organizations to develop security programs and build security into their SDLC.