As required by control A.18.2.3, an organization should conduct periodic reviews of technical compliance, in other words, make sure that systems are protected as described in the policies.
What better way to make sure your web site, portal or application (and the data that is stored in them) are safe, than to ask an actual hacker to try to break in?
Your server, web site or web application will undergo a proper wash down, using known vulnerabilities and lesser known hacking techniques. Common vulnerability scanners may be used as a starting point, but an ethical hacker has the proper knowledge to interpret the results and go several steps further.
Penetration tests exist in three flavors:
- Black box: The ethical hacker has no or a little knowledge about the system to be scanned. Usually just a URL and the name of the company. This allows the test to take place without any prejudice.
- Gray box: The hacker is provided with extra information, usually credentials so he/she can log in and go deeper into the software. This can be a starting point to see if user privileges can be escalated in any way.
- White box: The hacker is provided with as much information as possible, such as used technology, architecture diagrams or even insight in source code. This will help him/her finding possible weak spots beforehand and may even reduce the effort needed to produce usable results.
Together with our partner PuraSec we are excited to be able to offer the following package to get you started:
- Two days penetration testing, executed by a team of experienced ethical hackers
- Using the most effective combination of black box, gray box and white box testing
- Scoped to one application (you supply us with the URL)
- You will receive an extremely readable management summary of the findings
- When needed or recommended, you will also receive a follow-up plan
We can offer you all of this for just € 2.750!
Depending on your location, local taxes may apply (read more).