Glossary

OWASP
The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. The OWASP Top 10 vulnerabilities are the main security flaws in web applications.
Pentest
A pentest, also called penetration test or ethical hacking, is an authorized simulated cyberattack on a computer system performed to evaluate the security of the system.
Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.
SAST tools
Source code analysis tools, also referred to as Static Application Security Testing (SAST) Tools, are designed to analyze source code or compiled versions of code to help find security flaws.
Social engineering
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
SQL Injection
SQL injection is a code injection technique used to attack data-driven applications in which malicious SQL statements are inserted into an entry field for execution (e.g., to dump the database contents to the attacker).
XSS (Cross-Site Scripting)
Cross-site scripting (XSS) is a special case of code injection in which an attacker introduces malicious code into a website by altering the information sent by a trusted source (often another website). The website receiving the information will execute the malicious code, thus granting access to otherwise protected data.

FAQ

There can be numerous reasons to perform a penetration test. One of them, of course, is that you have to, but that’s generally not a good reason.

We can point out some of the reasons:

  • Save on costs – a penetration test costs less than the damage you incur if you have vulnerable systems or applications in your environment.
  • Manage risk – lower your exposure and be ahead of real hackers.
  • Reduce downtime – incidents cost time and money and every minute that your application is down because of a hack is important.
  • Be compliant – most businesses these days require compliance in the area of cybersecurity; don’t let this be an obstacle on your way to success.

Maybe one of the most important reasons to get a proper penetration testing team and have a test done is to be sure that all of your systems and applications have been tested for vulnerabilities, so that you can focus on your business and your clients.

The shortest possible answer is that it depends. It depends on the size of the application, the technology used, and the experience and skill set of the pentester. You should also take into account that the quality of the application sometimes counts as well.

On average, one mid-size application is tested in one week. We follow our own testing process and assign at least two skilled pentesters to perform the testing. After testing, a presentation of the results is mandatory, as is verification confirming that all issues have been remediated properly.

The answer to this question is the hardest one. It depends on different input parameters, such as:

  • Size of the applications
  • Technologies used
  • Whether or not the application has already been pentested
  • How deep should the application be tested
  • Onsite or remote testing
  • Remediation included or not

Even if you think a penetration test is expensive, there is no other way to verify how secure your application really is. If real hackers manage to compromise your application, it will cost you a lot more than the penetration test itself.