PENETRATION TESTING AS A SERVICE

Connect-i delivers tailored penetration testing services to corporate clients based upon the highest standards and practices, which can be used to find issues before they’re exploited. Connect-i leverages our extensive knowledge base and expertise to test target systems for security vulnerabilities.

Identify your vulnerabilities before hackers do it!

Identify your organization's vulnerabilities before hackers exploit those weaknesses. Our security experts simulate cyber-attacks on your systems during a pentest execution, as real hackers would do. This will be performed in a safe and secure environment by certified and experienced ethical hackers.

Pentesting identifies your IT systems' robustness and reveals potential vulnerabilities before hackers have an opportunity to cause serious harm. Team members are experienced professionals with a deep and practical knowledge of contemporary security issues.

They are certified as security advisors by industry leaders, including EC-Council, Offensive Security and eLearnSecurity.

What you get

real test

Real test

The most effective way to test if your systems are secure is to perform attacks under the same conditions as real hackers.

expert team

Expert team

Our highly proficient team can pentest all your assets. These extend to your external and internal networks, including web applications, APIs and mobile applications.

full coverage

Full coverage

Benefit from full coverage and analysis of your systems and advanced vulnerabilities search.

deep analysis

Deep analysis

Tool-based and manual system analysis, including an in-depth analysis of detected vulnerabilities.

clear report

Clear report

Assessment of your system. Executing modelled attacks and capturing a list of detected exploitations and vulnerabilities.

Penetration testing service

external penetration testing

External penetration testing

External penetration testing highlight potential threats and vulnerabilities that attackers may exploit on public assets.

web application penetration testing

Web Application penetration testing

Application security analysis web apps, business applications and APIs to detect critical vulnerabilities and logical flaws - based on OWASP Top 10.

internal penetration testing

Internal penetration testing

Internal penetration testing evaluates security strengths and weaknesses inside your network.

mobile application penetration testing

Mobile application penetration testing

Service can help to uncover vulnerabilities in applications on different platforms (iOS, Android)

Social engineering testing

Social engineering testing

Simulating social engineering attacks (like phishing) in order to assess your team members and their preparation to face such kind of attacks.

Cloud penetration testing

Cloud penetration testing

Overcome shared responsibility challenges by uncovering and addressing vulnerabilities that could leave critical assets exposed.

Build and Configuration Review

Build and Configuration Review

Identify misconfigurations across web and app servers, routers and firewalls.

Agile Penetration Testing

Agile Penetration Testing

This agile approach helps to ensure that every product release, has been vetted from a security perspective.

Penetration testing models

black-box

Black box testing

Based on the assumption that the attacker is unaware of the inner workings of the application: he treats the application as a "black box" whose contents are unpredictable.

grey-box

Grey box testing

This testing is performed on the basis that an attacker has some limited knowledge of the internal workings of the application.

white-box

White box testing

Based on having all knowledge of the target. It is frequently performed with access to the full source code, full access internally (locally) to the application is provided, including credentials and highest privilege authentication.

Penetration Testing Process

Intelligence Gathering

Gathering as much information as possible to be utilized when pen-testing the target.

Vulnerability Assessment

Identifying vulnerabilities and quantifying the risk associated.

Exploitation

Actively exploiting vulnerabilities identified.

Post Exploitation

Lateral Movement – Maintaining access to the environment and continuing to gain access to data or assets.

Data exfiltration – Simulating the actions of a hacker aiming to breach your organization's security

Reporting

Preparing report with a detailed description of the attacks and recommendations.

Penetration testing is based on industry standards, methodologies and best practices.

Penetration testing is based on industry standards
  • Penetration Testing Execution Standards (PTES)
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • NIST Special Publications 800 115 Technical Guide to Information Security Testing and Assessment
  • Threat classification Open Worldwide Application Security Project (OWASP)
  • OWASP Cloud Security Testing Guide (CSTG)
  • Web Application Security Consortium (WASC)
  • Common Vulnerability Scoring System (CVSS)
  • OWASP Mobile Application Security Verification Standard (MASVS)
  • OWASP Mobile Application Security Testing Guide (MASTG)

Cybersecurity Certifications

All penetration testing is performed in a controlled environment by certified professionals. Our ethical hackers are up to date with current cybersecurity trends. Our experts have the most authoritative international certificates. Protect your organization with the most qualified pen testers.

Offensive Security Certified professional (OSCP)

Offensive Security Certified professional (OSCP)

OSCE certified

Offensive Security Certified Expert (OSCE)

OSWE certified

Offensive Security Web Expert (OSWE)

CEH Master certified

Certified Ethical Hacker (Master)

eMAPT certified

MAPT (eLearnSecurity Mobile Application Penetration Tester)

Micro Focus Gold Partner

Micro Focus

Gold Partner

Protect your organization from cybercriminals

Start benefiting from a personalized cybersecurity solution for your organization. Contact us to learn about all the benefits.

FAQ

What is penetration test/pentest?

Penetration testing (also known as "pentest" ) is an authorized, simulated attack on a client's IT systems, networks, or web applications to identify vulnerabilities that an attacker can exploit. Organizations willingly subject themselves to this test, conducted by a cybersecurity expert, to gain valuable information to address weaknesses or vulnerabilities in their system.

Why should we conduct a Pentest?

It is an integral part of every company's business today and the amount of business-critical data that is stored on IT systems also grow the dependency on a working IT infrastructure. This leads to an increased attack surface and number of attacks against IT systems in the various form of attacks as possibilities to significantly harm a company. A Pentest gives you information about your systems' vulnerabilities, how probable a successful attack against your infrastructure is and how you can protect yourself against potential security breaches in the future.

What types of pentest do you offer?

We provide pentest in 3 main approaches, which deviate in the amount of access and information given to the actor:

Black-box

In this approach, the only access to the application/subnet/IP ranges the tester is given is regular access like any customer. The tester does not have access to view the source code of the application nor the configuration of its servers. Like its name, this approach treats the application as a “black-box,” i.e. a sealed box of which the inner functionalities are not visible.

White-box

Here the tester is exposed to everything, the source code of the application, its design documents and any other element he may think will help in the test. In this respect the tester can compare the behavior of the application with the actual source code, to understand and exploit vulnerabilities. This approach focuses on deep and internal faults of the system.

Gray-box

This is a combination of the above methods. In a gray-box, the tester can be given some information about the system like frameworks being used, the OS of the servers, etc. But usually, the tester won’t be given access to the source code of the application, or access as an administrator of the system. The tester and customer predefine exactly what information should be provided.

Which technologies can you test?

We can test all kinds of system from on-premise systems to cloud-based systems, from web to mobile applications and from small one-page marketing sites to big and complex architectures. Systems may be external-facing systems as well as internal network. Frequently, the security vulnerabilities that matter the most are independent from the system's technology, making it possible to successfully test even previously unknown types of systems. Our experts can quickly adapt to new situations and systems to perform effective work.

Can any harm be done to our productive systems during the test?

Unlike real attackers, we pay great attention to a customer's production systems, to not interrupt them. We always go to the greatest extent to leave all systems unharmed in a penetration test. Attacks, where the risk of a system failure is especially high, are only performed with the client's explicit consent.

All in all, it is never possible to completely rule out that a production system crashes in a penetration test. To be able to get hold of someone as fast as possible in such a situation, emergency telephone numbers are exchanged prior to the test.

Do you provide guarantees on the confidentiality of the data collected?

Security and trust are at the heart of our concerns. Our company is committed to total confidentiality not only on the vulnerabilities that could be discovered, but also on the data to which our collaborators could have access if they managed to obtain access to some of your systems.

A non-disclosure agreement (NDA) that treats a client’s data as confidential is already part of every contract.

All customer data, including information that is used to prepare a first quotation, is subject to the same obligation to confidentiality. At the end of a penetration test, all data and possible storage media is either securely destroyed or handed back to the client.

What do we need to provide before starting a Pentest?

To prepare, you need to agree on the scope of the target systems for pentest. You may need to provide the tester with data about your system, provide them with credentials, and they may send you hardware that will be attached to the network to allow access to the network.

How long does a Pentest take?

The time investment for a penetration test varies from case to case depending on the systems to be tested and the individual test requirements. Usually, the time needed ranges from a few days to several weeks. One goal of the preliminary meeting is to get enough information about the systems to be tested to estimate the optimal length for the penetration test.

Early in the process we try to familiarize ourselves with our clients and the scope of work so that we’re able to create an accurate proposal. We intentionally gather this information so that we never come back requesting for more testing time (and additional costs.) The more information you’re willing to share, the better assessment we can provide.

Some clients may request a blackbox approach where little information is provided, simulating a real world attack and response. In this case scenario, we still need to grasp the size/complexity needed for testing and therefore have some basic questions to scope.

How often should a pen test be performed?

A pen test should be performed at least annually or when one of the following occurs:

  • Significant change to infrastructure or applications
  • The modification of end-user access policies (permissions or roles)

Some organizations with a fairly static environment and apps may have a case for a pentest less often. However, there may be compliance or regulatory factors that may require annual testing.

What is the result of a Pentest?

Every client gets a detailed report at the end of a penetration test. A typical report includes a non-technical executive summary of the results, to give a short and precise overview of the current status, followed by a more extensive technical explanation for administrators, developers or other technical staff. The individual problems enumerated in the report are separated into a detailed description, a risk analysis and proposed solutions, to directly give suggestions for improvement