Why perform a penetration test?
A penetration test allows you to evaluate the security of an environment by carrying out a simulated attack against applications and systems, thus determining the effectiveness of controls and identifying vulnerabilities and design errors, among others.
The primary objective of penetration testing should be the hardening of your systems and applications, as part of a cycle of continuous improvement.
API Penetration Test
With the increased use of APIs, it is critical that companies conduct assessments of their API infrastructure and identify the effectiveness of existing security controls.
Our team will focus on simulating attacks on the company's APIs based on the OWASP Top 10 API vulnerabilities. These tests help you identify vulnerabilities and their impact, thereby mitigating the risk of data exfiltration and security incidents.
Application Penetration Test
Brier & Thorn's application penetration tests are based on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities. Combining these with our testing methodology, we have built a framework under which we evaluate the security of web applications.
Our assessment considers the context of your company to identify vulnerabilities that can only be identified manually (e.g. data validation), providing actionable results to your team.
Penetration Test as a Service (PTaS)
The continuous evaluation of systems, applications, platforms and infrastructure is necessary. Our Penetration Testing as a Service offering focuses on continuously performing tests according to your needs, helping you identify and prioritize vulnerabilities affecting your environment.
Network Penetration Test
Our team evaluates the security of your network from two perspectives. The first is external, testing the network perimeter. The second is internal, simulating an attacker who has managed to compromise a user and is trying to move laterally through the network.
During our evaluation, our team looks to escalate privileges (e.g. admin users), exfiltrate data, and, if required, test the effectiveness of network segmentation.
Our penetration test service focuses on simulating attacks to identify vulnerabilities in your environment, adhering to recognized methodologies including but not limited to the Penetration Test Execution Standard (PTES) and the OWASP Testing Guide.
We base our methodology on recognized industry standards and frameworks, such as the Penetration Test Execution Standard (PTES), which establishes 7 phases within the evaluation process.
Manual tests refer to those evaluations that combine the use of professional tools, such as vulnerability scanners and static and dynamic code scanners, with the knowledge acquired by our team. This allows us to identify design flaws and defects that are not detected by automated tools.
As part of our penetration testing we include social engineering, such as phishing, to provide a well-rounded evaluation of your security posture. This allows us to identify not only vulnerabilities within systems but also within users.
At the end of our evaluation, we provide a complete report that will include the narrative of the test, the findings and vulnerabilities as well as recommendations for their remediation. As appendices to said report, the results of the tools used are provided.
Brier & Thorn has a no-surprises policy: any critical findings will be provided to you immediately for prompt mitigation and response. Additionally, at the end of the test, a session will be scheduled with your team to review the findings in detail and provide a recommendation for their remediation.