Penetration testing simulates real-life attacks to ensure applications, networks, and systems stand up to creative and complex attacks used by hackers to compromise systems.
Pensive Security delivers high-quality reports which detail all security weaknesses identified during the test. Each issue reported contains a detailed summary, proof-of-concept, and remediation section so that you can remediate the issues quickly and effectively. Plus, an in-depth executive summary and attack narrative clearly explain the results of the test and how the test was conducted.
Pensive Security can perform penetration testing against different parts of your platform architecture, including internal and external networks, web applications, mobile applications, and cloud infrastructure.
Web application penetration tests focus on testing the many components of a web application, including the application’s front-end functionality, backend business logic, connected databases, APIs, and integrations with external services.
Common web application vulnerabilities include those listed in the OWASP Top Ten Application Security Risks such as injection, broken authentication, sensitive data exposure, and broken access controls.
Mobile application penetration tests are typically performed on iOS and Android applications. These assessments are focused on testing the contents of the application bundle itself and the application’s interactions with backend services such as APIs and databases.
Cloud penetration testing focuses on testing the cloud infrastructure hosted via the many different cloud providers. Cloud penetration testing is often performed against AWS, Google Cloud Services, and Azure but is relevant for any cloud service provider.
Network penetration tests evaluate on-premise networks’ security, including both external and internal facing services. These services can be almost anything but are typically networked services like SSH, HTTP, FTP, email, and devices printers, firewalls, intrusion-detection systems, and any other networked endpoint.
Vulnerability assessments seek to identify as many vulnerabilities and security weaknesses as possible during the testing window. Vulnerability assessments are often confused with penetration tests because they share many similarities; however, the goal of a penetration test is “depth-first” and targeted toward attacking specific components, whereas a vulnerability assessment is “breadth-first” and used to establish a security baseline for several in-scope components.