Penetration testing

Cycura’s Penetration Testing services are a holistic, technical deep dive by experienced, certified researchers and engineers so you get the right information to properly secure your product or network.

What Penetration Testing is (to us).

Penetration Testing is a robust suite of manual tests, supported by customized tools, performed by teams of expert “ethical hackers” to identify weaknesses and exploit vulnerabilities in a system, network or software, so these risks can be eliminated or mitigated.

What Penetration Testing isn’t (to us).

Penetration Testing isn’t an automated Vulnerability Scan, a Network Assessment, or Security Compliance Checklist. Quick, superficial, dirt-cheap - three terms that don’t describe a real Penetration Test. The real value of Penetration Testing comes from its comprehensiveness and applicability to your organization; half-measures don’t cut it.

There are three different types of Penetration Tests—Black Box, Grey Box and White Box—and organizations will often combine different testing methodologies, depending on their goals and technology.

Black box

In a Black Box Penetration Test, an organization will be able to understand the level of risk they face from any type of malicious party (ranging from an inexperienced “script kiddie” to an exceptionally well resourced and skilled nation state) who has decided to focus their efforts on that organization, their clients, or their products.

Grey box

In a Grey Box Penetration Test, we take an interactive, authenticated look at applications and/or infrastructure. Our testing is designed to determine how far we can escalate our privileges and exploit business logic and application weaknesses. Our goal is to show the end-to-end impact of these risks, so we can recommend appropriate actions to secure your assets.

White box

In a White Box Penetration Test, we leverage any available system and application design information, along with privileged accounts, to fully explore all attack scenarios. This “open book” approach explores all of the application, infrastructure and environmental factors at length, in order to provide the most comprehensive set of recommendations to address present risks.

What test does your app or infrastructure need?

Find out with these 10 quick questions.

Security is more than just a blinking box.

Black Box? Grey box? White box? At Cycura, security isn’t about the box you bought. It’s about the people and processes that allow us to think outside of that box—and get the best results for you.

No sales pitches

We quickly bring in our experts to dive into the details of your infrastructure or application so we can properly assess your needs and determine a cost.

Mad skills

We like to think of our folks as security surgeons—researchers with the training, certifications and experience to perform the most demanding of procedures, then report on them in a meaningful way. 

Real humans

There are no superficial automated assessments here. We get up close and personal with your app or infrastructure for 12 to 15 days of uninterrupted hands-on ethical hacking.

Long-term relationships

We’re as invested in the success of your company as you are. As your needs evolve, we’re there for advice and assistance, with the advantage of knowing how to tackle the security requirements of your business, inside and out.

Our 7-step process

This isn’t your average pen test. It's based on OWASP’s technical guidelines, with the option to add retesting and attestation as proof that your app or infrastructure is secure.



A robust discovery is critical to proper test scoping and useful results. We dig deep to understand your goals, your context, and the specific infrastructure, app or firmware you need to protect so nothing gets missed.



Our scoping documents are clear and comprehensive. They outline the tools, methods, timing, team and rationale so you understand exactly what to expect—plus the how, who, when, why and how much.



Depending on the type of penetration test you need, we do everything from scouring publicly available information and social media networks to investigating your internal and external footprints and even covert onsite investigations to gather intelligence that could be used against you.



We identify all potential vulnerabilities, then take things to the next level by validating those vulnerabilities so you aren’t wasting resources rectifying vulnerabilities that don’t matter. We perform active and passive vulnerability testing and document all attack avenues in an attack tree.



This is where we use the information we’ve gathered to gain access to your systems. Options include cracking passwords, brute force attacks, radio frequency access, VPNs and more. Once we’ve gained access, we see what activities we’re able to accomplish behind-the-scenes.



A Cycura penetration testing report tells you exactly what we discovered, the business impacts of different breaches and recommends actions to rectify vulnerabilities. Our reports are clearly written so they’re easily understood and acted on. Our goal is to empower your team to make changes or provide the information required to quickly engage with a partner to address issues.



Every testing engagement includes an invitation to discuss next steps, either for support in addressing vulnerabilities or confirmation that all issues have been rectified. We’re available for retesting and can provide proof, in the form of a legal attestation, that you can show to a prospective client or your COO.

Cycura’s penetration testing isn’t for everyone. Is it for you?

Find out with a free discovery.


1300 Yonge Street, Suite 410
Toronto, Ontario, Canada
M4T 1X3


General Inquiries: 1-647-479-8425
Incident Response: 1-844-227-0452


© 2021 CYCURA Data Protection Corp.