Frequently Asked Questions
What is a pentest?
A pentest, short for penetration test, is a controlled attempt to breach the security of an application, system, website or network infrastructure. The methods a pentester uses are the same as those used by real cybercriminals. The aim of a penetration test is to identify security vulnerabilities and provide recommendations for fixing them.
What is a black box pentest?
A black box pentest is a penetration test in which the attacker has no information about the system beyond what identifies the subject of the test; in many cases this is nothing more than the address of the website under attack. The purpose of a black box test is to check whether the system is vulnerable to breaches from the outside. This is the fastest and most efficient way to assess the security of a system. The quality of the test depends directly on the competence and skills of the tester: their experience and expertise, their ability to think outside the box, and the range of tools they can use to find and exploit vulnerabilities.
What is a white box pentest?
A white box pentest (sometimes also referred to as a clear-box or open-box test) is a penetration test in which the attacker has full knowledge of the system, including its source code. This type of testing entails meticulous analysis of large amounts of data. The aim is to detect configuration errors and vulnerabilities resulting from bugs in the source code and in how the application operates. This is the most time-consuming form of penetration testing. At the same time, it provides a wealth of concrete information about security vulnerabilities that might go undetected if a different model were used.
What is a grey box pentest?
A grey box pentest is a mix of the two models described above. The tester receives basic information about the tested environment, including its architecture, and may also have an active account in the system. The aim is to simulate an attack carried out from the inside by an intruder – for example, a current or former employee. With some information on hand at the outset, the pentester can focus on testing the security of the areas – systems, databases, applications – that have the greatest value to the Client.
What is OWASP?
OWASP, the Open Web Application Security Project, is an online community dedicated to web application security. Its projects include the OWASP Top 10 lists, which rank the most common vulnerability categories in web and mobile applications, Internet of Things (IoT) devices and serverless applications.
What is Capture The Flag?
Capture The Flag (CTF) is the general name for tournaments for experts who specialise in building security systems and breaching them. A flag in this case is simply a piece of code that needs to be found, for example in a database, a disk image, an audio recording, or the source code of an application. Completing the task requires breaching all the security measures that stand in the way.
What is a software patch?
Software patches are fixes for bugs discovered after an application has been released to the market. The name comes from the code snippets used to patch security vulnerabilities in the system. Patches can also improve performance or expand the feature set of the software.
What is malware?
Malware is an umbrella term for all kinds of malicious software. Cybercriminals use it to lock or take control of a device and to steal or destroy data. The term covers many types of malicious software, including some of the best-known categories: worms, trojans and spyware.
What is an SQL injection?
An SQL injection is an attack in which a code snippet is attached to a database query. It is possible because the application does not sanitise its inputs. The aim of such an attack is to obtain a response the developer did not intend, for example gaining unauthorised access to personal information.
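As an added illustration that is not part of the original FAQ, the following Python snippet shows a user lookup that concatenates unsanitised input into the query beside the parameterised version that prevents the unintended response; the in-memory table, the names and the crafted input are all constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed stand-in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Unsanitised input is pasted straight into the SQL text, so whatever the
    # caller supplies is parsed by the database as part of the query.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn, username):
    # The SQL text is fixed; the input is bound separately and is only ever
    # treated as a value, never as query syntax.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Constructed input: the appended condition is always true, so the WHERE clause
# in the vulnerable query no longer restricts the result to one user.
CRAFTED = "nobody' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, CRAFTED)),      # every user leaks
        "parameterised_rows": len(lookup_parameterised(conn, CRAFTED)),  # no such user
        "normal_rows": len(lookup_parameterised(conn, "alice")),         # intended lookup
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable_rows': 2, 'parameterised_rows': 0, 'normal_rows': 1}
```

The vulnerable lookup returns both rows for the crafted input, which is exactly the "response not intended by the developer" described above; the parameterised lookup returns none, because the input is compared as a literal string.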
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.