Pentesting with CyberAnt

Is your business safe? Even when a hacker tries really hard?

With CyberAnt’s pentest, you can be sure that your (web) application, website, IT infrastructure, APIs or mobile apps do not contain any vulnerabilities. Our ethical hackers are happy to help you secure what is important to your situation.

Each pentest is different, but the process is often the same. Read more about our approach below, or contact us for an introductory meeting.

439 pentests performed

✓ In three steps to certainty

✓ Seeing what a hacker sees

✓ In-depth research with clear reporting

✓ Performed by our ethical hackers

✓ Understanding website and IT infrastructure vulnerabilities

✓ More than 10 years of experience

Pentest in 3 steps

A pentest at CyberAnt involves three steps. That way you always know where you stand.

Step 1: Inventory

A pentest always begins with an intake. In this we determine together what exactly is needed and what the next step looks like.

Step 2: Automate

We believe in automation. It allows us to check for every known vulnerability covered by our (in-house developed) tooling without missing one, in a fraction of the time it would otherwise take. After the pentest, you can repeat this step at little cost, so you can stay on top of the security of your situation.

Step 3: Manual research

CyberAnt’s ethical hackers are unique in their knowledge and skills. They are able to find vulnerabilities that no one has ever found before, within any network or custom software. Because all known vulnerabilities have already been found in step 2, the security specialist can focus maximum attention on finding the new vulnerabilities that are most dangerous to your business.

Request a free consultation now

A pentest is customized; our cybersecurity experts are happy to help. Fill in your information and we will contact you.

    How does a pen test work?

    A pentest investigation has 3 phases: blackbox, greybox and whitebox. We are happy to explain the difference.

    Blackbox research

    In the blackbox phase, the basic assumption is that the attacker does not yet know anything. An example is a hacker visiting a website or network for the first time. The attacker then wants to know, for example, whether it is custom software or a standard package and whether vulnerabilities are already known for it. In the blackbox phase, we look at what an attacker can find out and whether there may already be weaknesses that can be directly exploited.

    The results of the automated portion of the Website Security Check or Network Pentest often provide a solid foundation for this phase, leaving only the custom components to be looked at.

    Greybox research

    In the greybox phase, the attacker knows more. For example, consider a customer who has a login to a customer portal. The attacker has little or no real “inside information” at this point, but understands the context of the application and has limited access to it.

    The blackbox and greybox phases combined form a good picture of what a hacker can accomplish with limited time.

    Whitebox research

    At this stage, the attacker knows almost everything. Admin accounts are available, questions can be asked of the developer, and sometimes even source code is available. If all goes well, an attacker will never get this far in real life, but this stage helps the researcher save time. As a rule, a pentest is always timeboxed, while an attacker has unlimited time. For that reason, we often take a shortcut by using inside information.

    Pentest: advice in plain language

    Our ethical hackers perform the pen test using advanced tools and use their creativity to manually expose vulnerabilities. We thoroughly check each system for weaknesses and leaks. If required, we perform the pen test periodically. That way you can be sure you’ll outsmart hackers. Our experts have years of experience in cybersecurity and always communicate all advice in plain language. That way, you know immediately what to do and are always up to date on the security of your website or system.

    • CyberAnt’s ethical hackers are certified
    • Our hackers have more than 10 years of experience
    • Our proprietary tooling reduces testing time
    • Ability to leave our smart tooling in place permanently
    • Advice in clear language
    • Providing targeted solutions

    Frequently asked questions about the pentest

    What is a pentest?

    In a penetration test, a security specialist tries to break into a website. “Pentest” is short for “penetration test”. A pentest assesses the security of a website or computer system, letting you know if the security is working in practice. This is also known as “ethical hacking”. At the end of the test, you will receive a report and presentation, so you will know exactly where the weaknesses are, and of course, what the strengths are.

    How does a pentest work?

    Prior to the pentest, the security specialist contacts you to agree on exactly what will be tested, how long the test will take and in what environment the test will take place. Often a test takes place in a test environment that resembles the production environment as much as possible. Within the pre-established framework, the specialist will then pull out all the stops to get in. In doing so, we also make notes of points that do not directly lead to a data breach, but where security can be further enhanced.

    Who is a pentest for?

    Pentests are conducted in online environments that really should not be hacked. It has long ceased to be the case that only banks commission pentests. Many companies today have their customer portals, apps and sometimes even entire computer networks subjected to a pentest. Beforehand, it is determined whether a pentest is indeed the most effective solution. Sometimes it is wiser to start first with such things as vulnerability management, a Website Security Check or training for the developers or administrators. Our free Quickscan will give you an instant indication of the security of your website. Of course, we will guide your organization so you can make the right choices.

    What does a pentest cost?

    The cost of a pentest depends on how large the application is and how extensive the examination needs to be. What needs to be investigated is always determined in consultation with the client. The cost depends on the number of half-day sessions; we charge €595 per half-day session. For an indication of your situation, we always schedule a free intake first. Request an intake here.

    Are there any risks associated with a pentest?

    A pentest is not always without risks. Although the security specialist does everything possible to limit damage, it cannot always be prevented. Indeed, real cyber attacks are carried out on the target. For this reason, we discuss in advance how to mitigate the risks. Often the choice is made to test not on production servers, but on an environment that closely resembles them. If that is not possible, the “rules of engagement” are determined, for example by performing certain tasks at night or only when an administrator is standing by to intervene if needed. Despite the risk, it is still important to perform these tests, as a malicious hacker will not be careful either. An indemnity statement is signed in advance indicating that you are aware of the risks and under what conditions the test will be performed.

    Who is CyberAnt?

    CyberAnt is a Zeewolde-based pentesting company specializing in pentesting of websites and custom software. Are you considering a pentest? Please contact us via the contact form. We will then schedule a time together to discuss the possibilities.