You are here
Performing pen tests
Why penetration testing?
On average, websites suffer 22 cyberattack attempts per day. One effective way to protect your online services and applications is to assess their exposure to cyberattacks by simulating a real-world attack.
Performing pentests offers immediate and valuable benefits:
- save sizeable amounts of money in potential data breaches, losses and frauds;
- prevent damage to your company's reputation and customer confidence, and avoid business disruptions;
- convince your customers and partners that your applications and solutions are secure;
- get your company prepared for an audit or a certification;
- limit the risk of data breach and ensure your GDPR compliance;
Whether you are a start‑up, a SME or a large company, penetration testing is a wise investment: studies have shown that 43% of cyberattacks now target small businesses.
Our team of experienced ethical hackers can perform in-depth and on-demand penetration tests considering your environment, your resources and your risk exposure.
Approach pen test services cover:
- Web application penetration testing;
- Mobile application penetration testing;
- Infrastructure penetration testing;
- Network (wired and wireless) penetration testing;
- Red team attack simulation;
- Social engineering penetration testing;
- Embedded devices and IoT penetration testing;
- Dedicated hardware (smartcard, HSM, firewalls, etc.);
- Home‑made communication protocols penetration testing.
Approach penetration testing methodology is based on the OSSTMM:
Pursuant to the principles of the OSSTMM, our missions may encompass the following phases (which may or may not be required, depending on the customer's needs):
- Scope definition
- Architecture discovery
- Services enumeration
- Vulnerability tests
- Attack scenario
- Lateral movement to attack other systems
- Reporting and recommendations
Our deliverable: an exhaustive report with concrete recommendations
Like all the security assessments we perform, the result is a detailed and contextualized report containing valuable recommendations to make attacks much harder (or impossible). These recommendations are rated, prioritized by criticality and cost, englobed in structural measures if possible, and formalized to be usable in compliance reports and customers’ communication. This is usually completed by a management summary section and a presentation.
Approach, your most valuable partner
Approach is one of the leading penetration testing companies in Belgium, having performed hundreds of missions for more than 15 years. Our team of ethical hackers combines the highest skills with in-depth experience. Its members keep continuously abreast of new threats by attending conferences, writing technical papers or obtaining new certifications.
Our service offering covers the whole chain of cyber security (GRC, secure development, operational security, etc.), so our ethical hackers can also rely on the expertise of the other teams to deliver the best contextualized recommendations and not only generic ones.
Published on 22 May 2019
Keep your IBAN secret, it could be easily abused!
National press coverage: Approach has discovered a critical flaw in major online shops They all...
Published on 16 May 2019
Approach opens an office in Antwerp
In order to pursue its growth ambitions and become the Belgian reference in cyber security, Approach opens a second office...
Published on 23 April 2019
Did you scan your security scanner?
Our ethical hacking team has discovered vulnerabilities in one of the most reputable security scanner.
Published on 05 April 2019
Get a grant for your IT security projects - Brussels-Capital Region
Since March 25, 2019, micro, small and medium-sized companies that have a headquarters in the Brussels-Capital Region can...
Published on 10 January 2019
Approach is nominated Trends Gazelles 2019
This nomination is a nice...
Published on 27 November 2018
Test Achats/Test Aankoop pentests on Belgian e-shops: outlaw methods for hasty conclusions?
Test Achats tested the security of 100 online shops. Was this initiative legal? Are 55 e-commerce sites really...
Published on 12 October 2018
How do you deal with low risk level vulnerabilities ?
Nothing should be left behind when speaking in terms of security... A story by David Bloom, Cyber-Security Consultant...
Published on 04 September 2018
How I hacked a cheap IoT and how it could have been prevented
As a cyber-security company, we regularly create internal contests. The latest one was focusing on the hacking of an IoT...
Published on 09 May 2018
The mechanism of a targeted phishing attack
Several cases of targeted phishing by email have been reported by some of our clients. Download our white paper to...
Published on 13 April 2018
Replay of the RTL TVI show "Tout s'explique" dedicated to cyber security
During the interview, we had the opportunity to demonstrate, in a popularized way, how easy it is for a third...