Home Penetration testing

Penetration testing

A penetration test or pentest is the most important step in a security audit of an organization’s information systems. It allows business owners to ensure that the company can withstand external attacks and that key business processes will not be disrupted by attackers. Conducting a penetration test significantly reduces the risk of damage due to the actions of cybercriminals. The term pentest comes from the English phrase penetration testing. The procedure is now a widespread practice around the world.

During a penetration testing process, FS Group experts check all nodes of an information system, which are an essential foundation for a stable operation of organization processes — a website, a mail server, client, and mobile applications.

Types of penetration tests:

BlackBox

A type of pentest when only publicly available data about research targets, networks, and their parameters are accessible to the pentester.

WhiteBox

A specialist is provided with all data needed for rapidly conducting a penetration test

GreyBox

A tester has only limited information to identify the strengths and weaknesses of a target’s security network, and periodically requests information to reduce the investigation time and to make the testing process more efficient.

Want to know more?

Get a consultation

Testing of applications adheres to requirements from:

  • OWASP ASVS;
  • OWASP Testing Guide;
  • PCI DSS;
  • NIST SP 800-115;
  • ISACA Penetration testing procedure (P8).

 

Competences of specialists

The company’s employees have been awarded the following certificates:

  • CEH;
  • CIS;
  • CISSP.

 

Types of submitted reports:

  • A test execution plan;
  • An intermediate report on the progress of work;
  • A final report on the results.

 

The final report consists of two parts, containing:

  • Information about the assessment of the security level of the customer’s system, with the required information about the practical demonstration of successful exploitation of vulnerabilities;
  • Recommendations for eliminating or minimizing the identified vulnerabilities;
  • Classification of all identified risks.

 

Information system security is one of the critical aspects that the owner of the organization must focus on. A penetration test is conducted to identify the security level of the customer’s system.

Why is our experts’ penetration testing better than competitors’
Effective attack vectors
Effective attack vectors

The most appropriate attack vectors are selected for the testing according to the client's requests.

Over 8 years of work experience
Over 8 years of work experience

Extensive experience allows us to provide services quickly and efficiently.

Support service
Support service

If the client suddenly has additional problems, our support service is ready to assist to solve them as soon as possible.

Related products and services
FS PHISHING

FS PHISHING includes:

• Integration within the corporate network.
FS PHISHING provides large companies that don’t want to transfer employee information to cloud solutions with full operational autonomy. 
• Customized development of phishing pages according to your requirements.
Flexible configuration of the system to the company's resources to make phishing attacks more realistic.
• Development of writing texts based on the clients’ needs.
The product allows users to create universal phishing emails according to their requirements. The system does not limit the type of letters.
• Configuring the system for your mail server.
We integrate the product and set up the interaction with the corporate mail servers for maximum efficiency of the system.

More
FS OSINT LAB

WEB-solution that helps to verify employees and contractors on data from open and closed sources, as well as with Big Data FS Group

You get access to unique data, make it easier for employees of different departments, for example:

• Procurement specialists
• HR specialists
• Compliance specialists
• Lawyers
• Financiers

In addition, the advantage of OSINT LAB is a user-friendly interface that centrally collects and displays all requested data.

More
FS IRT

Package of services for investigation, analysis, and investigation of information security incidents

The basic package includes:
• consulting with experts
• investigation of the IS incident
• comprehensive forensic examination of digital evidence
• reports on individuals / legal entities from open and closed sources
• a monthly newsletter with information about vulnerabilities actively used by hackers and recommendations for increasing the level of protection
• penetration testing
• scanning web applications and resources

More
FS MNG

Software product for detecting compromised accounts of the organization in open and closed sources

Thanks to FS MNG you can:

• identify compromised accounts, including when compromising third party resources
• prevent data leakage
• protect against the use of compromised passwords
• be informed about the leaks before it is widely covered in the media

More
FS TI

A software product that contains a list of anonymized IP addresses in the TOR, PROXY & VPN categories sold in public and in DarkNet. Allows you to identify anomalies in network traffic, application traffic and can be used in various ways

• Proactive approach to TI collection
• More information for decision making
• Earlier provision of data and thus prevention of attack
• Compatibility with most vendors' solutions
• Complementarity with other feeds

More

Like many other companies, FSG uses cookie technology on its websites to improve your user experience, as well as for the correct operation of the website.

If you agree to the use of all cookies on this site, click the Ok button. To learn more about cookie technology, its benefits and how FSG uses it, check out our Privacy Policy.

Accept all cookies