Performing penetration tests

Why do you need penetration tests?
 

  • You want to convince your customers and partners that your applications and solutions are secure
  • You want to be prepared before an audit or a certification
  • You need to ensure you are GDPR compliant
  • Or maybe you simply want to verify the level of maturity of your company in terms of information security…

In each case, whether you are a start‑up or a well-established company, the ultimate question you want to answer is "Can an attacker find and exploit a vulnerability in our application that could compromise the security of our organisation?" This is what intrusion/penetration tests are all about.

Since hackers will not limit themselves to one attack channel, we target many components of your systems during our intrusion tests: the infrastructure, custom applications and packages, the business logic, even operational processes and human operators.
 

The key is the technical expertise

By combining the experience our ethical hackers have acquired through hundreds of missions over more than 15 years with professional automated tools and manual testing, we deliver highly effective results, even in proprietary environments like dedicated hardware, home‑made communication protocols, etc.

In our cyber‑lab, we even developed proprietary tools because no commercial one provided the needed functionality. And, because our cyber‑security team includes both ethical hackers and other technology specialists (like development framework experts, malware developers, infrastructure administrators), we can deliver the best contextualised recommendations and not only generic ones. We provide formal mission reports to address audit requirements and also perform quick tests for start‑ups and SMBs.
 

Our deliverable is a clear report with actionable recommendations

Like all security assessments we perform, the result is a detailed and contextualised report containing valuable recommendations to make attacks much harder (or impossible). These recommendations are rated, prioritised by criticality and cost, grouped into structural measures if possible, and formalised to be usable in compliance reports and customers’ communication. This is usually complemented by a management summary section and a presentation.

Because an intrusion test is not a cowboy job, we do not destroy anything

Our Security Test approach is based on the principles of the Open Source Security Testing Methodology Manual but is pragmatically customised depending on each mission scope requirements and constraints. It also includes all key elements from the PTES & OWASP and integrates smoothly with the standard ISO/IEC 27008 (as recommended in ISO/IEC 27002‑18.2.3).

Formal Rules of Engagement, based on NIST Special Publication 800‑115, guarantee minimal disturbance of the tested environment and smooth incident handling in case of issues.

Some of the things we can test...

  • Web based applications
  • Infrastructure
  • Wi‑Fi networks
  • Security devices (firewalls, antivirus, WAF, …)
  • Mobile applications
  • Embedded devices & IoT
  • Social engineering & Phishing

Usual penetration testing steps

  • Scope definition
  • Architecture discovery
  • Services enumeration
  • Vulnerability tests
  • Attack scenario
  • Exploitation
  • Lateral movement to attack other systems
  • Reporting and recommendations


Client references

“Thanks to Approach's intrusion tests and recommendations, we raised our security level a lot before being exposed to an attack.” Alexandre Lienard, Chief Information Security Officer, Nethys Group

"For more than 10 years now, Approach has been helping NATO, maintaining an extremely high level of security for applications managing restricted information." Dimitris Stavrakis, Head of NATO Standardization Office

"Thanks to Approach, we were able to provide our partners and customers with a solution combining high security and smooth integration."  Stéphane RIES, Deputy CEO & COO, LuxTrust

“Edenred takes privacy of its customers and employees very seriously. In Approach we found an ideal partner to help us assess our maturity level against the General Data Protection Regulation, establish and drive a roadmap with the objective to meet our compliance obligations.”  Koen Reyniers, COO BENELUX EDENRED

Our Approach to cyber-security

Our customers benefit from the expertise and talent of our people, combined with pragmatic and proven methods and the efficiency brought by our assets:

1. Expertise and talent

Since 2001 we have applied our experience in cyber-security gained in various industries, from small to large businesses. Our people are seasoned, certified professionals who continuously improve and extend their knowledge.

2. Pragmatic and proven methods

We rely on the most recognised, easily auditable and adopted standards and good practices and apply them pragmatically. We always tailor our approach to your particular context, needs and organisational culture.

3. Asset-based approach

We make use of the most advanced and reliable tools and solutions to support our services. This enables us to be more efficient during delivery, enforce the use of standard auditable methods and provide transparency about our achievements and your results.
