Are you safe? Even when a hacker really does his best?
With the CyberAnt pentest you can be sure that your (web) application, website, IT infrastructure, APIs or mobile apps do not contain vulnerabilities. Our ethical hackers are happy to help you secure what's important to you.
Every pentest is different, but the process is often the same. Read more about our working method below, or contact us for an introductory meeting.
- Three steps to certainty
- Look through the eyes of a hacker
- In-depth research with a clear report
- Operated by our ethical hackers
- Insight into weak spots of your website and ICT infrastructure
- More than 10 years of experience
Pentest in 3 steps
A pentest at CyberAnt involves three steps. That way you always know where you stand.
Step 1: Inventory
A pentest starts with an intake. Together we determine what you need and what the next step looks like.
Step 2: Automation
We believe in automation. It allows us to check for all known vulnerabilities covered by our (self-developed) tooling without missing one, in a fraction of the time it would otherwise take. And the great thing is that you can repeat this step at little cost afterwards, so that you stay informed about the security of your application after the pentest.
Step 3: Manual examination
CyberAnt’s ethical hackers are unique in their knowledge and skills. They are able to find vulnerabilities that no one has ever found before, even within your network or custom application. Because all known vulnerabilities have already been found in step 2, the security specialist can focus as much as possible on finding the new vulnerabilities that are most dangerous for your company.
How is it tested?
A pentest investigation has 3 phases: blackbox, greybox and whitebox. We are happy to explain the difference.
In the blackbox phase, the starting point is that the attacker knows nothing yet. An example is a hacker who visits your website or network for the first time. In the blackbox phase we look at what an attacker can find out and whether there are any vulnerabilities that can be exploited directly.
The results of the automated part of the Website security check or the network security audit often form a solid foundation for this phase, but the custom components still need to be looked at.
In the greybox phase, the attacker knows more. Think, for example, of one of your customers who logs in to your customer portal. The attacker has little or no real “inside information” at this point, but understands the context of the application and has limited access to it.
The blackbox and greybox phases combined give a good picture of what a hacker can achieve with limited time.
In the whitebox phase, the attacker knows almost everything. There are admin accounts available, questions can be put to the developer and sometimes even source code is available. If all goes well, an attacker will never get that far in real life, but this phase helps the investigator to save time. As a rule, a pentest is always timeboxed, while an attacker has unlimited time. For that reason, we often take a shortcut using the inside information.
Pentest: advice in plain language
Our ethical hackers perform the pentest using sophisticated tools and use their creativity to expose vulnerabilities manually. We thoroughly check your system for weaknesses and leaks. If desired, we perform the pentest periodically. This way you can be sure that you are outsmarting hackers. Our experts have years of experience in the field of cybersecurity and always communicate their advice in clear language. This way you immediately know what to do and you are always aware of the security of your website or system.
- CyberAnt’s ethical hackers are certified
- Our hackers have more than 10 years of experience
- Our in-house developed tooling shortens the test duration
- Option to leave our smart tooling in place permanently
- Advice in clear language
- Proposing targeted solutions
Frequently asked questions about the pentest
What is a pentest?
In a pentest, a security specialist tries to break into a website. “Pentest” is an abbreviation of “penetration test”. A pentest assesses the security of a website or computer system, so that you know whether the security also works in practice. This is also known as ‘ethical hacking’. At the end of the test you will receive a report and a presentation, so that you know exactly where the weaknesses lie, but also what the strengths are.
How does a pentest work?
Prior to the pentest, the security specialist will contact you to agree exactly what will be tested, how long the test will take and in which environment the test will take place. Often a test takes place in a test environment that resembles the production environment as much as possible. Within the agreed boundaries, the specialist will then pull out all the stops to get in. We also note points that do not directly lead to a data breach, but where security can be further increased.
Who is a pentest for?
Pentests are performed in online environments that really shouldn’t be hacked. It has long since ceased to be the case that only banks have pentests performed. Nowadays, many companies have their customer portals, apps and sometimes even entire computer networks subjected to a pentest. Beforehand, it is checked whether a pentest is indeed the most effective solution. Sometimes it is wiser to start with, for example, vulnerability management, a Website security check or training for the developers or administrators. With our free Quickscan you immediately get an indication of the security of your website.
Is it possible to do a Website security check first?
Yes, the Website security check is a good first step when you want to have a web application or website tested. When you later have a pentest performed, we use the results from the Website security check as input for the pentest so that time (and therefore money) can be saved on the quotation.