security services

Our services

We offer different types of services related to security tests or Ethical Hacking and adhering to the best security standards and methodologies.

How do we do it?

Our team has years of hands-on Hacking experience, plus our Hackers come from the old school and have worked on multiple real-world Hacking case studies. That's why our offensive security tests are based on the mindset of a real hacker and not on automated tools.

 

 

Project planning

The Ethical Hacking project is planned, establishing commitment dates where the pentest tests will be carried out towards the objectives (IP/DNS) provided by the client, as well as the project completion dates.

pen test

Our team performs security tests towards the objectives provided by the client, our team constantly reports project progress in the event that they find high or critical impact vulnerabilities.

Deliverables

Our team delivers an executive and technical security report that includes proofs of concept for each finding found, classifying vulnerabilities in critical, high, low and informative severity according to the CVSS universal standard.

Shape Image
Shape Image

Our methodology

At Netploy Security, our penetration testing methodology is based on the approach described in the OWASP testing guide and the Open Source Security Testing Methodology Manual (OSSTMM).

1. Preparation

2. Recognition

3. Map

4. Discovery of vulnerabilities

5. Exploitation of vulnerabilities

6. Report

Penetration Testing Approaches

Netpoy Secutiy penetration testing services support the following testing approaches:

BlackBox

It refers to testing a system without having specific knowledge of the internal workings of the information asset, without access to the source code, and without knowledge of the architecture. This approach closely mimics how an attacker might initially approach a web application. However, due to a lack of application knowledge, discovery of bugs and/or vulnerabilities may take much longer and may not provide a complete view of the application's security posture.

GrayBox

It refers to testing the system while having some knowledge of the target asset. This knowledge is typically restricted to the application URL, as well as user credentials, which represent different user roles. Greybox testing allows you to focus and prioritize efforts based on superior knowledge of the target system. This increased knowledge can result in the identification of more significant vulnerabilities, while putting much less effort. Therefore, greybox testing can be a sensible approach to better simulate the advantages attackers have over security professionals when evaluating applications. Recorded tests allow the penetration tester to fully assess the web application for potential vulnerabilities. Additionally, it allows the tester to check for any weaknesses in the application's authorization that could lead to vertical and/or horizontal escalation of privileges.

WhiteBox

It refers to testing the system while having full knowledge of the target system. At Netploy Security, our whitebox penetration test is made up of a greybox test combined with a secure code review. Such assessments will provide a complete understanding of the application and security posture of your infrastructure.

Our certifications

en_USEN