Pentesting (penetration testing) is a simulated attack exercise to identify security gaps in an application. For us, this includes reconnaissance to learn how the application is built and exposed, a broad set of tools to find specific classes of security issues, and always manual testing.

Manual testing is essential for assessing issues that scanners cannot judge, such as authorization bypass:

  1. A user in Role 1 should not be able to perform an action reserved for Role 2 (vertical privilege escalation)
  2. User 1 should not be able to see data belonging to User 2, who is in a different org (horizontal privilege escalation, often via an insecure direct object reference)
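The two checks above are the core of a differential authorization test: replay every request as every principal and compare what succeeded against the intended access policy. As an added illustration (not code from this page or the firm's own tooling), the following Python shows that method against a constructed two-tenant document service, with a "before" handler pair that authenticates but never authorizes beside a hardened pair that checks tenant and role on every request. The principals, organisations, document IDs and the `read`/`delete` actions are all assumed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    user_id: str
    org_id: str
    role: str  # "member" or "admin" (assumed role model)


class Forbidden(Exception):
    pass


# Constructed sample tenant data; not taken from any real engagement.
DOCUMENTS = {
    "doc-1": {"org_id": "org-A", "body": "org-A quarterly numbers"},
    "doc-2": {"org_id": "org-B", "body": "org-B customer list"},
}

PRINCIPALS = [
    Principal("alice", "org-A", "admin"),
    Principal("bob", "org-A", "member"),
    Principal("carol", "org-B", "member"),
]


def _load(doc_id):
    try:
        return DOCUMENTS[doc_id]
    except KeyError:
        # Same error as a denied request, so unknown IDs do not leak existence.
        raise Forbidden("no such document")


# --- "Before": the caller is authenticated but never authorized ------------
def read_document_vulnerable(caller, doc_id):
    # No tenant check: any logged-in user can read any org's document.
    return _load(doc_id)["body"]


def delete_document_vulnerable(caller, doc_id):
    # No role check: a member can perform an admin-only action.
    _load(doc_id)
    return f"deleted {doc_id}"  # mutation omitted so the matrix can be replayed


# --- "After": tenant and role are checked on every request ------------------
def read_document_hardened(caller, doc_id):
    doc = _load(doc_id)
    if doc["org_id"] != caller.org_id:
        raise Forbidden("cross-tenant access")
    return doc["body"]


def delete_document_hardened(caller, doc_id):
    doc = _load(doc_id)
    if doc["org_id"] != caller.org_id:
        raise Forbidden("cross-tenant access")
    if caller.role != "admin":
        raise Forbidden("admin role required")
    return f"deleted {doc_id}"


def allowed(caller, action, doc_id):
    """Intended policy: same org for any access; admin role for delete."""
    if DOCUMENTS[doc_id]["org_id"] != caller.org_id:
        return False
    return action == "read" or caller.role == "admin"


def find_bypasses(handlers):
    """Replay every (principal, action, document) and report each call that
    succeeded although the policy says it must be refused.  Each finding is
    tagged horizontal (wrong tenant) or vertical (right tenant, wrong role)."""
    bypasses = []
    for p in PRINCIPALS:
        for action, handler in handlers.items():
            for doc_id in DOCUMENTS:
                try:
                    handler(p, doc_id)
                    succeeded = True
                except Forbidden:
                    succeeded = False
                if succeeded and not allowed(p, action, doc_id):
                    kind = ("horizontal" if DOCUMENTS[doc_id]["org_id"] != p.org_id
                            else "vertical")
                    bypasses.append((p.user_id, action, doc_id, kind))
    return bypasses


VULNERABLE = {"read": read_document_vulnerable, "delete": delete_document_vulnerable}
HARDENED = {"read": read_document_hardened, "delete": delete_document_hardened}

if __name__ == "__main__":
    for label, handlers in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, find_bypasses(handlers))
```

Against a real application the handler calls become HTTP requests made with each test account's session, and the policy table is built from the role and tenant model agreed at scoping; the comparison logic stays the same. Note that the hardened version also returns the same error for a document that does not exist and one the caller may not see, so the response cannot be used to enumerate IDs.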

We typically scope penetration tests based on the technology, size of the application, the number of different roles and the type of data involved.

We typically deliver a written report in PDF format at the completion of a pentest and then hold a “readout” call to explain the findings and answer any questions. We work hard to provide real-world, context-sensitive remediation advice for the issues identified.

Pentesting is a very common type of security project, is mandated by various standards (PCI DSS, for example) and is considered an essential process for most companies.

Reach out to and we’d be happy to talk you through how this engagement works.  Alternatively, reach out directly to Matt@ to get engaged.