Application

Software Security

Penetration test

Penetration Test is the process that helps assessing the security level of a network or an IT system through the simulation of a wide scenario of cyber-attacks. Once the effectiveness of the system’s security measures is tested, its vulnerabilities and deficiencies are highlighted and reported.

Our methodology in providing security assessment services is in line with OSSTMM and OWASP standards.

Web or Mobile?

A Penetration Test can be both Web and Mobile.

Web

A web Penetration Test aims at identifying the vulnerabilities that could compromise confidentiality, integrity and availability of the information processed by the in-scope portals.

Mobile

A mobile Penetration Test is the tool that better allows protecting a mobile application (Android, iOs, etc.) and its connection with backend from digital piracy and frauds.

White

The tester is allowed to access the source code and knows every information about the infrastructure and the target.

Black

The tester simulates a real attack, knowing nothing about the infrastructure, the target and the source code.

White or Black?

A Penetration Test can be run both with a White-Box or a Black-Box methodology.

The White-Box approach is considered to be more effective, while the Black-Box one is more realistic. The only difference between a Black-Box Penetration Test and a real attack are the target and the time-frame as the simulation is not aimed at causing damages and happens within a limited time-frame.

Code Review

Code Review is the perfect tool to check the security level of a software. Our specialists develop their own statistical analysis tool in order to identify every kind of vulnerability in the most effective way.

The process, whoa effectiveness is guaranteed by our knowledge about secure coding and offensive application security, aims at delivering a scientific and reproducible approach to security measures assessments.