Penetration Testing

// about service

What Type of Pen Test fits better in my company?

01.
Web Application Penetration Test

For a more hardened structure infrastructure and application against cyber attacks.

02.
External Black-Box Pen Test?

Emulate potential attacks to exploit weaknesses in network security but without the dangers of a real threat.

03.
Post-Breach Internal Penetration Test

If you suspect that someone in your organization:

You navigated to the wrong website and / or clicked the wrong link
You used a USB device or other type of removable device
You opened a malicious email attachment

04.
Pen Testing as a Service

If you are going to face an audit and require evidence of security controls tests you will need a certified compliance rating for a relevant industry standard.

The RCS Assessment Process

01
Requirements assessment
Requirements assessment

The goal is to collect enough information to build a proposal. The initial kick-off typically involves email exchanges, phone call discussions with team members meetings, and possibly a demonstration of the test objectives (if necessary).

02
Service Proposal
Service Proposal

A proposal will then be delivered to the client. The proposal will contain a quote for the services requested and a high-level statement of work (SoW). Once both parties agree with the content of the proposal, the document will be sent for electronic signature.

03
Documents
Documents

All required paperwork is to be shared with the parties. Documentation such as a Confidentiality Agreement (NDA) or Master Service Agreement (MSA) can be agreed upon if required by the parties.

04
Invoice
Invoice

When all the necessary documentation is ready, before starting a deposit from the Client will be required in accordance with the Terms described in the signed agreement.

05
Test and run
Test and run

This is the time to assign a team to the project and schedule the tests


06
Start-up technical report
Start-up technical report

An Internal Detailed Findings Report will be provided to the Client within 2-3 business days if possible, after the first round of testing. The Client is recommended to review the results for any remediation deemed relevant.

07
Time to solve problems
Time to solve problems

It is the moment in which the Client has to remedy the problems identified during the initial penetration tests.



08
New polishing tests
New polishing tests

Any issues that were identified during the initial penetration test and that have been fixed will be retested. It is desirable that this retest be done within a single trial window within 90-120 days after the initial trial.

09
Final Report Delivery
Final Report Delivery

The Client is offered a choice of two final reports if required: (1) In-house detailed report - Technical report showing original findings and any successfully fixed issues. Suitable for internal use. (2) External Summary Report - This is a high-level summary of outstanding issues. Technical descriptions of pending issues are summarized, but not detailed, and can be shared with interested third parties who require proof of evidence.