isec is prepared to perform penetration testing on your organization’s systems, applications and networks.
The methodology used by our pentesters has been developed in-house based on standards and guidelines issued by NIST, OSSTM, OWASP, OISSG and ISACA.
Penetration testing, also known as Ethical Hacking, can be approached through different strategies:
BlackBox Pentest – scanning and assessing systems, networks and applications without any knowledge about them, to simulate a realistic attacker from outside the organization, whom would collect the necessary information from public sources;
WhiteBox Pentest – scanning and assessing systems, networks and application having all the necessary knowledge about them (details about infrastructure, IP addresses, protocols etc.);
GreyBox Pentest – scanning and assessing systems, networks and applications having just a part of the necessary knowledge. This type of scenario simulates an internal attacker, such as an unprivileged user who attempts to gain privileged access.
At your request, our pentesters could even use exploiting techniques such as phishing, social engineering, cross-site scripting, SQL injection or malware attacks, to test your organization’s resilience and readiness to face a real attack.