XPentest follows a phased approach to all security assessments. First, the preparation of the assessment takes place, then information about the target systems, components or applications is collected, then the assessment is carried out and finally the report is written.
Good preparation is essential and ensures a time-efficient execution of the assignment.
The activities in this phase are:
By collecting as much information as possible (e.g. by using data from publicly available sources) we get a complete picture of the systems in the scope. The information that can be collected includes:
In this phase, Xpentest assesses which vulnerabilities can be identified by conducting an investigation by a team of experienced security specialists. The strength of the assessment is the way in which we use our technical knowledge and logic to find vulnerabilities. In order to work as efficiently as possible, we also use tools and scripts developed partly by Xpentest itself. The research results in raw data and potential vulnerabilities that are then manually checked for ‘false positives ’.
This phase consists of writing and reviewing the report If you wish, we will be happy to discuss the report with you and review the findings together.
Retests or periodic vulnerability scans are a necessary complement for organisations working with ever-expanding IT infrastructures and ongoing application development processes with very regular updates. In these situations it is almost impossible (and also very cost-inefficient) to always have a (thorough) manual security assessment performed. That is why Xpentest can perform automated vulnerability scans periodically after a manual penetration test (either applicative or infrastructural, or both), whereby the frequency and timing are tailored to the customer's development methodology. This gives you the best of the unique expertise of a Xpentest security expert and frequent scanning to optimally mitigate security risks.
Our strength lies in understanding out client's business processes, culture, vision and goals across the industry segments and offering reliable client-oriented solutions. We commenced our operations in 2018 to provide cyber security consulting services to clients globally as partners and conceptualize, realize and lead technology driven business transformation initiative to completion.
Pentest Delivered
Trainings Delivered
Continuous Vulnerability Monitoring