Resources - Viris

Glossary

OWASP

The Open Web Application Security Project (OWASP) ® is a nonprofit foundation that works to improve the security of software. The Top 10 OWASP vulnerabilities are the main security flaws in web applications.

Pentest

A pentest, also called penetration test or ethical hacking, is an authorized simulated cyberattack on a computer system performed to evaluate the security of the system.

Phishing

Phishing is a type of social engineering attack often used to steal user's data, including login credentials and credit card numbers.

SAST tools

Source code analysis tools, also referred to as Static Application Security Testing (SAST) Tools, are designed to analyze source code or compiled versions of code to help find security flaws.

Social engineering

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.

SQL Injection

SQL injection is a code injection technique used to attack data-driven applications in which malicious SQL statements are inserted into an entry field for execution (e.g., to dump the database contents to the attacker).

XSS Cross-Site Scripting

It is a special case of code injection in which an attacker introduces malicious code into a website by altering the information sent by a trusted source (often another website). The website receiving the information will execute the malicious code, thus granting access to otherwise protected data.

FAQ

Why do we need a penetration test?

There can be numerous reasons why to perform a penetration test. One of the reasons, of course, is that you have to, but that’s generally not a good reason.

We can point out put some of the reasons:

Save on costs – penetration test costs less than damage, that you encounter if you have vulnerable systems or applications in your environment.
Manage risk – lower your exposure and be ahead of real hackers.
Reduce downtime – incidents cost time and money and every minute that your application is down because of a hack is important.
Be compliant – most of the businesses these days require compliance in the area of cybersecurity, and don’t let this be an obstacle on your way to success.

Maybe one of the most important reasons to get a proper penetration testing team and test done is to be sure, that all of your systems and application have been tested for vulnerabilities and you can focus on your business and your clients.

How long does it take to do a penetration test?

The shortest possible answer is that it depends. It depends on the size of the application, technology used, experience and skillset of the pentester. You should also take into account, that sometimes also quality of the application also counts.

On average one mid size application is tested in one week. We are following our own process of testing and assigning at least two skilled pentesters to perform testing. After testing presentation of results is mandatory and also verification that confirms, that all issues have been remediated properly.

How much does a penetration test cost?

Determining the cost of a penetration test can be complex as it is influenced by various factors, such as:

The size of the applications
The technologies implemented
Previous penetration testing (if any)
The depth of testing required
Onsite or remote testing preferences
Whether remediation is included

Even though penetration testing might seem costly, it’s the key investment in securing your application. The only definitive way to validate the security of your application is through such a test. Experiencing a real-world breach at the hands of hackers can prove to be significantly more expensive and damaging than the cost of a penetration test.