Penetration testing is the evaluation process of any application, system, infrastructure, or service, based on predefined frameworks. The purpose of penetration testing is to identify security flaws, vulnerabilities, and address them to the Customer’s technical team, in order to improve the resiliency of business services to cyber threats and minimize the risk of a potential security breach.
Penetration method and level should be agreed upon between CYBERS and the Customer prior to the actual engagement.
Agreement conditions are defined in the Statement of Work, which consists of the following details:
Through penetration testing, we imitate the attack of cybercriminals to check the security measures of applications, systems, infrastructure and services. The purpose of penetration testing is to detect vulnerabilities and minimize signals from a planned cyber attack to ensure the performance of business-critical services.
At the end of the service, we will provide a detailed report on the findings and weaknesses and explain them during the meeting. We will also prepare a memo on these explanations and clarifications and provide recommendations for further actions to address the identified weaknesses and minimize the risks.
Testing usually lasts from 2 to 4 weeks, depending on the scope of the engagement and the complexity of systems.
In the first stage, the testing scope is agreed, ie what is tested in more detail and what is excluded from the test. The initial planned workload is also agreed upon, and depending on the nature of the test, the goals of the penetration test towards which the testers will work. An overall approach and a team of project participants who are aware of the test are agreed. Each test is unique in nature because each application and organization is different.
The purpose of the post-engagement stage is to provide the Customer with a through report of findings revealed durning the previous stage, illustrating the outcome of the exercise and carried out activities. Report will contain finding remediations. On Customer’s request, CYBERS will conduct a briefing of findings to the Customer’s personnel, such as executives, management, technical staff and other required stakeholders.
Report will be in English, unless stated otherwise in Statement of Work.
Final report will be provided within 1 week(s) after the work is completed.