Hackpertise specializes in conducting advanced manual web application pentesting. We can also conduct periodic pentests for your organization so that your web application(s) and website(s) become and stay as secure as possible.
When conducting a pentest, Hackpertise uses a well-known and established methodology: the Penetration Testing Execution Standard (PTES).
The 7 steps are:
- Pre-engagement interactions
Here, together with you, we define the scope to make sure we focus on the right things. We also give estimates and explain our working method. In other words: the Rules of Engagement.
- Intelligence gathering
Also known as the reconnaissance phase, where we gather as much information as possible about the environment, software and other details needed for the test.
- Threat modeling
In this step we will identify and categorize assets and threats.
- Vulnerability analysis
Using the threat model, we analyze the possible vulnerabilities and flaws in the information structure.
- Exploitation
Here we try to leverage the vulnerabilities found and try to get access to assets. In other words: we try to bypass security restrictions to get into the system.
- Post exploitation
This step is needed to better understand the risk of the exploitation from the previous step. We discover possible flaws in your system, the value of the assets at risk, and what should be done to prevent these exploitations and to prevent real attackers from maintaining control of the system after an exploit.
- Reporting
This is where we create a clear report with all vulnerabilities and problems found, explained and (if possible) including solutions. The report also contains all reproduction steps.