Pen testing with CyberAnt

Is your business safe? Even when a hacker tries really hard?

With CyberAnt’s pen test, you can be sure that your (web) application, website, IT infrastructure, APIs or mobile apps do not contain any vulnerabilities. Our ethical hackers are happy to help you secure what is important to your situation.

Each pen test is different, but the process is often the same. Read more about our approach below, or contact us for an introductory meeting.

Requesting Pen test

439

Pentesting performed

✓ In three steps to certainty

✓ Seeing what a hacker sees

✓ In-depth research with clear reporting

✓ Performed by our ethical hackers

✓ Understanding website and IT infrastructure vulnerabilities

✓ More than 10 years of experience

Pentest in 3 steps

A pen test at CyberAnt involves three steps. That way you always know where you stand.

Step 1: Inventory

A pen test always begins with an intake. In this we determine together what exactly is needed and what the next step looks like.

Step 2: Automate

We believe in automation. It allows us to check for all known vulnerabilities checked in our (in-house developed) tooling without forgetting one, in a fraction of the time it would otherwise take. And the great thing is, after the pen test, you can repeat this step with little cost so you can stay on top of the security of your situation after the pen test.

Step 3: Manual research

CyberAnt’s ethical hackers are unique in their knowledge and skills. They are able to find vulnerabilities that no one has ever found before, within any network or custom software. Because all known vulnerabilities have already been found in step 2, the security specialist can focus maximum attention on finding the new vulnerabilities that are most dangerous to your business.

Request a free consultation now

A pen test is customized; our cybersecurity experts are happy to help. Fill in your information and we will contact you.

How does a pen test work?

A pentest investigation has 3 phases: blackbox, greybox and whitebox. We are happy to explain the difference.

Blackbox research

In the blackbox phase, the basic assumption is that the attacker does not yet know anything. An example is a hacker visiting a Web site or network for the first time. The attacker then wants to know, for example, whether it is custom software or a standard package and whether vulnerabilities are already known for it. In the blackbox phase, we look at what an attacker can find out and whether there may already be weaknesses that can be directly exploited.

The results of the automated portion of the Website Security Check or Network Security Audit often provide a solid foundation for this phase, leaving only the custom components to be looked at.

Greybox research

In the greybox phase, the attacker knows more. For example, consider a customer who has a login to a customer portal. The attacker has little or no real “inside information” at this point, but understands the context of the application and has limited access to it.

The blackbox and greybox phases combined form a good picture of what a hacker can accomplish with limited time.

Whitebox research

At this stage, the attacker knows almost everything. Admin accounts are available, questions can be asked of the developer, and sometimes even source code is available. If all goes well, an attacker will never get this far in real life, but this stage helps the researcher save time. As a rule, a pentest is always timeboxed, while an attacker has unlimited time. For that reason, we often take a shortcut by using inside information.

Pen test: advice in plain language

Our ethical hackers perform the pen test using advanced tools and use their creativity to manually expose vulnerabilities. We thoroughly check each system for weaknesses and leaks. If required, we perform the pen test periodically. That way you can be sure you’ll outsmart hackers. Our experts have years of experience in cybersecurity and always communicate all advice in plain language. That way, you know immediately what to do and are always up to date on the security of your website or system.

CyberAnt’s ethical hackers are certified
Our hackers have more than 10 years of experience
Our proprietary tooling reduces testing time
Ability to leave our smart tooling in place permanently
Advice in clear language
Providing targeted solutions

Requesting Pen test

Frequently asked questions about the pen test

What is a pen test?

In a penetration test, a security specialist tries to break into a Web site. “Pentest” is short for “penetration test. A pen test assesses the security of a Web site or computer system, letting you know if the security is working in practice. This is also known as “ethical hacking. At the end of the test, you will receive a report and presentation, so you will know exactly where the weaknesses are, and of course, what the strengths are.

How does a pen test work?

Prior to the pen test, the security specialist contacts you to agree on exactly what will be tested, how long the test will take and in what environment the test will take place. Often a test takes place in a test environment that resembles the production environment as much as possible. Within the pre-established framework, the specialist will then pull out all the stops to get in. In doing so, we also make notes of points that do not directly lead to a data breach, but where security can be further enhanced.

Who is a pen test for?

Pentests are conducted in online environments that really should not be hacked. It has long ceased to be the case that only banks commission pen tests. Many companies today have their customer portals, apps and sometimes even entire computer networks subjected to a pen test. Beforehand, it is determined whether a pen test is indeed the most effective solution. Sometimes it is wiser to start first with such things as vulnerability management, a Website Security Check or training for the developers or administrators. Our free Quickscan will give you an instant indication of the security of your website. Of course, we will guide your organization so you can make the right choices.

What does a pen test cost?

The cost of a pen test depends on how large the application is and how extensive the examination needs to be. What needs to be investigated is always determined in consultation with the client. The cost depends on the number of half-day sessions; we charge €595 per half-day session. For an indication of your situation, we always schedule a free intake first, request an intake here.

Are there any risks associated with a pen test?

A pen test is not always without risks. Although the security specialist does everything possible to limit damage, it cannot always be prevented. Indeed, real cyber attacks are carried out on the target. For this reason, we discuss in advance how to mitigate the risks. It is often chosen not to test on production servers, but on an environment very similar to this. If that is not possible then the “rules of engagement” are determined, for example, by performing certain tasks at night or only when an administrator sits ready to intervene if needed. Despite the risk, it is still important to perform these tests, as a malicious hacker will not be careful either. An indemnity statement is signed in advance indicating that you are aware of the risks and under what conditions the test will be performed.

Who is CyberAnt?

CyberAnt is a Zeewolde-based pen testing company specializing in pen testing of websites and custom software. Are you considering a pen test? Please contact us via the contact form. We will then schedule a time together to discuss the possibilities.

Pen testing with CyberAnt

Pentesting performed

Pentest in 3 steps

Step 1: Inventory

Step 2: Automate

Step 3: Manual research

Request a free consultation now

How does a pen test work?

Blackbox research

Greybox research

Whitebox research

Pen test: advice in plain language

Frequently asked questions about the pen test

What is a pen test?

How does a pen test work?

Who is a pen test for?

What does a pen test cost?

Are there any risks associated with a pen test?

Who is CyberAnt?

Services

Cyberant

Contact