Our services
We offer different types of services related to security tests or Ethical Hacking and adhering to the best security standards and methodologies.
Hacking Network Infrastructure and Server (External)
Evaluation of the capacity of your external information assets to resist attacks. Our world-class Pentesters, armed with the same techniques as cybercriminals…
Read more …Web Application Hacking
Comprehensive penetration testing of your web applications, web services, and APIs that can be used to store and access critical business information, with the goal of identifying and attacking vulnerabilities transmitted…
Read more …Mobile App Hacking
Access your mobile applications to identify vulnerabilities specific to mobile computing environments, such as those defined by the Open Web Application Security Project (OWASP) and other emerging industry standards.
Read more …How do we do it?
Our team has years of hands-on Hacking experience, plus our Hackers come from the old school and have worked on multiple real-world Hacking case studies. That's why our offensive security tests are based on the mindset of a real hacker and not on automated tools.
Project planning
The Ethical Hacking project is planned, establishing commitment dates where the pentest tests will be carried out towards the objectives (IP/DNS) provided by the client, as well as the project completion dates.
pen test
Our team performs security tests towards the objectives provided by the client, our team constantly reports project progress in the event that they find high or critical impact vulnerabilities.
Deliverables
Our team delivers an executive and technical security report that includes proofs of concept for each finding found, classifying vulnerabilities in critical, high, low and informative severity according to the CVSS universal standard.
Our methodology
At Netploy Security, our penetration testing methodology is based on the approach described in the OWASP testing guide and the Open Source Security Testing Methodology Manual (OSSTMM).
1. Preparation
2. Recognition
3. Map
4. Discovery of vulnerabilities
5. Exploitation of vulnerabilities
6. Report
Penetration Testing Approaches
Netpoy Secutiy penetration testing services support the following testing approaches:
BlackBox
It refers to testing a system without having specific knowledge of the internal workings of the information asset, without access to the source code, and without knowledge of the architecture. This approach closely mimics how an attacker might initially approach a web application. However, due to a lack of application knowledge, discovery of bugs and/or vulnerabilities may take much longer and may not provide a complete view of the application's security posture.
GrayBox
It refers to testing the system while having some knowledge of the target asset. This knowledge is typically restricted to the application URL, as well as user credentials, which represent different user roles. Greybox testing allows you to focus and prioritize efforts based on superior knowledge of the target system. This increased knowledge can result in the identification of more significant vulnerabilities, while putting much less effort. Therefore, greybox testing can be a sensible approach to better simulate the advantages attackers have over security professionals when evaluating applications. Recorded tests allow the penetration tester to fully assess the web application for potential vulnerabilities. Additionally, it allows the tester to check for any weaknesses in the application's authorization that could lead to vertical and/or horizontal escalation of privileges.
WhiteBox
It refers to testing the system while having full knowledge of the target system. At Netploy Security, our whitebox penetration test is made up of a greybox test combined with a secure code review. Such assessments will provide a complete understanding of the application and security posture of your infrastructure.
Our certifications
EN 
ES