Penetration testing is a form of ethical hacking that we, security professionals, are particularly fond of. It can be challenging and fun, and we don’t have to worry about any law enforcement authorities breathing down our necks.
We’re not criminals, but highly trained professionals who deliberately look for holes in security systems, web applications and other software.
Who is an ethical hacker?
An ethical hacker is a security professional who looks for flaws in IT systems and web applications by trying to bypass built-in security mechanisms, or by exploiting mistakes made by other professionals when configuring solutions or designing and programming web applications and software.
An ethical hacker does all this with the knowledge of, and on behalf of, the company’s management, which gives them the permission and legitimacy needed to carry out work that would be considered illegal without a licence and a contract.
When should you order a penetration test?
A penetration test only makes sense when you have properly secured – or believe you have properly secured – the infrastructure in your company, for example with firewalls for any web applications. Without good security solutions already in place, it’s simply too easy to hack into systems.
How is a penetration test performed?
Companies turn to ethical hackers when they want to make sure that the systems they use or the solutions they develop are secure, or when they are trying to identify as many security flaws as possible that could otherwise be discovered by malicious hackers.
In summary, a penetration test can be carried out on your company’s systems in three ways.
- White box penetration test.
You are completely transparent with us: you give us access to your internal network and disclose your public IP addresses, the username and password of a typical user, and the names and IP addresses of your servers, but you don’t give us privileged access (i.e., no admin rights).
- Gray box penetration test.
An approach that is halfway between white box and black box testing. You don’t give us all the details needed to access your systems, so we have to work a little harder to get in.
- Black box penetration test.
We only know the name of your company, and need to find out all the other information ourselves. In this way, we face practically the same obstacles as real hackers would in their illegal activities.
Whatever form of testing you choose, we ensure mutual legal security for both you, the client, and us, the contractor. Non-disclosure agreements (NDAs) and ethical hacking contracts are standard documents we sign before we start our work.
Trust between you, the client, and us, the contractor, must be at the highest level.
It is important that as few people as possible know about the penetration test in order for it to provide useful information to those in charge.
This is because knowing that a penetration test is being carried out in the company makes employees behave in a completely different way than if they did not have this knowledge. In such circumstances, the results of the test are not realistic, and thus less useful, ultimately reducing security.
Penetration test results
The penetration testing reports we produce are detailed and usually extensive. They are generally used by companies as a kind of cybersecurity manual, tailored to the specifics of each organisation.
DIH voucher for penetration testing
Through the Digital Innovation Hub (DIH) Slovenia, the Slovene Enterprise Fund can co-finance a penetration test at your company, covering up to 60% of the total cost, to a maximum of 10,000 EUR.
The focus of voucher co-funding is on penetration testing of self-developed web or mobile applications, which means that you must own the copyright to the web or mobile application in question.
Modified open source systems such as WordPress, Joomla, Magento, PrestaShop and the like are not considered self-developed applications.
We know the procedure to follow to get a voucher, so you can count on us to help you every step of the way. The process of obtaining a voucher thus starts with contacting us as soon as possible. So don’t hesitate to fill in the application form, write to us or call us!