Pentesting

Pentesting (penetration testing) is a simulated attack exercise to identify security gaps in an application.  For us, this includes reconnaissance to learn about an application, the use of a broad set of tools to identify specific types of security issues and always includes manual testing.

Manual testing is essential for assessing things like authorization bypass:

  1. A user in Role 1 should not be able to do some action reserved for Role 2
  2. User 1 should not be able to see data from User 2 who is in a different org

We typically scope penetration tests based on the technology, size of the application, the number of different roles and the type of data involved.

We typically deliver a written report in PDF format at the completion of a pentest and then hold a “readout” call to explain the findings and answer any questions.  We work hard to provide real world context sensitive remediation advise for issues identified.

Pentesting is a very common type of security project, is mandated by various standards and is considered an essential process for most companies.

Reach out to sales@jemurai.com and we’d be happy to talk you through how this engagement works.  Alternatively, reach out directly to Matt@ to get engaged.

Jemurai Newsletter

Privacy Policy

Recent Comments