Ask us a question

You are here

Performing pen tests

Why penetration testing?

On average, websites suffer 22 cyberattack attempts per day. One effective way to protect your online services and applications is to assess their exposure to cyberattacks by simulating a real-world attack.

Performing pentests offers immediate and valuable benefits:

  • save sizeable amounts of money in potential data breaches, losses and frauds;
  • prevent damage to your company's reputation and customer confidence, and avoid business disruptions;
  • convince your customers and partners that your applications and solutions are secure;
  • get your company prepared for an audit or a certification;
  • limit the risk of data breach and ensure your GDPR compliance;

Whether you are a start‑up, a SME or a large company, penetration testing is a wise investment: studies have shown that 43% of cyberattacks now target small businesses.

Our team of experienced ethical hackers can perform in-depth and on-demand penetration tests considering your environment, your resources and your risk exposure.

Approach pen test services cover:

  • Web application penetration testing;
  • Mobile application penetration testing;
  • Infrastructure penetration testing;
  • Network (wired and wireless) penetration testing;
  • Red team attack simulation;
  • Social engineering penetration testing;
  • Embedded devices and IoT penetration testing;
  • Dedicated hardware (smartcard, HSM, firewalls, etc.);
  • Home‑made communication protocols penetration testing.

Approach penetration testing methodology is based on the OSSTMM:

Pursuant to the principles of the OSSTMM, our missions may encompass the following phases (which may or may not be required, depending on the customer's needs):

  • Scope definition
  • Architecture discovery
  • Services enumeration
  • Vulnerability tests 
  • Attack scenario
  • Exploitation
  • Lateral movement to attack other systems
  • Reporting and recommendations

Our deliverable: an exhaustive report with concrete recommendations

Like all the security assessments we perform, the result is a detailed and contextualized report containing valuable recommendations to make attacks much harder (or impossible). These recommendations are rated, prioritized by criticality and cost, englobed in structural measures if possible, and formalized to be usable in compliance reports and customers’ communication. This is usually completed by a management summary section and a presentation.

Approach, your most valuable partner

Approach is one of the leading penetration testing companies in Belgium, having performed hundreds of missions for more than 15 years. Our team of ethical hackers combines the highest skills with in-depth experience.  Its members keep continuously abreast of new threats by attending conferences, writing technical papers or obtaining new certifications.

Our service offering covers the whole chain of cyber-security (GRC, secure development, operational security, etc.), so our ethical hackers can also rely on the expertise of the other teams to deliver the best contextualized recommendations and not only generic ones.

Client references

“Thanks to Approach's intrusion tests and recommendations, we higher a lot our security level before being exposed to an attack.”  Alexandre Lienard, Chief Information Security Officer, Nethys Group

"For more than 10 years now, Approach has been helping NATO, maintaining an extremely high level of security for applications managing restricted information".   Dimitris Stavrakis, Head of NATO Standardization Office

LuxTrust - Approach

"Thanks to Approach, we were able to provide our partners and customers with a solution combining high security and smooth integration."  Stéphane RIES, Deputy CEO & COO, LuxTrust

“Edenred takes privacy of its customers and employees very seriously. In Approach we found an ideal partner to help us assess our maturity level against the General Data Protection Regulation, establish and drive a roadmap with the objective to meet our compliance obligations.”  Koen Reyniers, COO BENELUX EDENRED

Publications & events

Published on 04 April 2018

Rise of DDoS Amplification Attacks

Since the end of February 2018, we’ve seen a rise of DDoS Amplification attacks, with in some case more than 1Tbps of traffic generated. ...
Read more

Published on 13 April 2018

Replay of the RTL TVI show "Tout s'explique" dedicated to cyber-security

During the interview,  we had the opportunity to demonstrate, in a popularized way, how easy it is for a third-party application to...
Read more

Published on 09 May 2018

The mechanism of a targeted phishing attack

Several cases of targeted phishing by email have been reported by some of our clients.  Download our white paper to learn more about...
Read more

Published on 04 September 2018

How I hacked a cheap IoT and how it could have been prevented

As a cyber-security company, we regularly create internal contests. The latest one was focusing on the hacking of an IoT application.
Read more

Published on 12 October 2018

How do you deal with low risk level vulnerabilities ?

Nothing should be left behind when speaking in terms of security...  A story by David Bloom, Cyber-Security Consultant at Approach.
Read more

Published on 27 November 2018

Test Achats/Test Aankoop pentests on Belgian e-shops: outlaw methods for hasty conclusions?

Test Achats tested the security of 100 online shops. Was this initiative legal? Are 55 e-commerce sites really vulnerable? 
Read more

Published on 21 January 2019

Why should your organisation go for ISO27001 certification?

Digitised services are exposed to a broad spectrum of cyber-threats attacks. Obtaining the ISO27001 certificate can be a...
Read more


Brussels Expo (2 days )

Approach at Infosecurity Belgium 2019

Join us at Infosecurity on March 20th and 21st !
Read more

Published on 10 January 2019

Approach is nominated Trends Gazelles 2019

This nomination is a nice recognition of our sustainable...
Read more


Web Contest (19 days)

Master CyberSecurity Tournament: Approach CTF is ready!

The students in Master CyberSecurity will have 19 days to find more than 20 flags. 
Read more

Our approach to cyber-security

Our customers benefit from the expertise and talent of our people, combined with pragmatic and proven methods and the efficiency brought by our assets:


Expertise and talent

Since 2001 we have applied our experience in cyber-security gained in various industries, from small to large businesses. Our people are seasoned, certified professionals who continuously improve and extend their knowledge.


Pragmatic and proven methods

We rely on most recognised, easily auditable and adopted standards and good practices and apply them pragmatically. We always tailor our approach to your particular context, needs and organisation culture.


Asset-based approach

We make use of the most advanced and reliable tools and solutions to support our services. This enables us to be more efficient during delivery, enforce the use of standard auditable methods and provide transparency about our achievements and your results.

Certified professionals
Success stories
Year of establishment
+ 0%
Average annual growth