US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43


Grandmetric LTD
Office 584b
182-184 High Street North
E6 2JA
+44 20 3321 5276

  • en
  • pl
  • Professional penetration tests

    Strengthen your ransomware resilience thanks to controlled hacker attacks!

    Penetration testing 

    Penetration testing aims to detect vulnerabilities and errors that threaten the security of a system – ICT infrastructure, network, application, or website.   

    Pentest should be carried out systematically and can vary in scope, most often forming part of an audit of IT systems and infrastructure. Their main objective is to examine how resistant a network is to intrusion and the effectiveness of the security measures in place.  

    Black box, gray box, white box tests  

    We perform penetration testing at all levels:  


    White box or crystal box teststesters work according to information about the system under the test provided by the client.  


    Black box teststesters independently obtain the information necessary to compromise systems – this model best reflects an actual cyberattack. 


    Gray box tests – a hybrid of the two methods mentioned above. 

    An essential part of each test is a summary report that describes the problems identified and assesses the risk of occurrence. It includes specific recommendations aimed at their effective elimination.  

    Assess whether you would benefit from penetration testing  

    Penetration testing should be a mandatory part of your IT strategy if: 

    IT manager

    You are the owner or manager of a company that has an IT infrastructure 

    It data and know-how

    You store data, especially sensitive and personal ones 

    sensitive data protection

    You want to protect your knowledge, patents, and company know-how 

    employee protection

    In your company, at least part of the team works remotely. 

    Effects of penetration testing   

    You will review the effectiveness of the security features  

    You will find out how well your assets are currently protected. 

    You will investigate the system’s vulnerability to a potential cyberattack  

    You will launch a hacking attack on the infrastructure in a controlled manner. 

    You will make the most of your equipment 

    You will learn how to get rid of vulnerabilities using existing solutions. 

    You will set up a recovery plan 

    You will receive detailed recommendations in line with the best security practices. 

    You will avoid the costs of a real attack 

    Both in terms of image and in terms of stopping production lines or operations. 

    You will gain credibility 

    You will appear to your business partners as a technologically aware partner that is ahead of the competition. 

    How do we conduct controlled attacks?  

    security audit - preparation

    Preparatory phase 

    • Defining the needs and establishing the scope of penetration testing, consulting with our experts and defining the client’s problems. 
    • Q&A session with IT managers.  
    • The signing of the audit agreement. 

    Penetration tests 

    • Reconnaissance.  
    • Scanning.  
    • Data collection.  
    • Use of detected vulnerabilities to test the resilience of systems.  
    security audit - pentesting
    security audit - report

    Advisory phase 

    • Drafting of a comprehensive report detailing the defined problems and recommending solutions.  
    • Discussion of the report at a dedicated meeting with the customer. 
    • Advisory support for the implementation of safety recommendations.  
    • Optional re-testing.  

    Penetration tests – FAQ  

    How often should penetration tests be conducted?  

    It is best to do this periodically, at least once a year, and whenever changes are made to the systems. After the pentest phase, it is also worth performing a re-test, i.e. verification of the changes made (checking that they have been implemented correctly and have not led to new security vulnerabilities).   

    How long does pentesting last? 

    A pentest, depending on the type, size, and complexity of the structure being tested, can take from a few days to several weeks.  

    How do you check the competence of pentesters?  

    The technical competence of pentesters is confirmed by certifications, issued by international cybersecurity organizations. It is also important to participate in projects similar to yours. 

    What is the difference between a security audit and a penetration test?  

    A penetration test only deals with its specific part (infrastructure, application, network or website) and is part of a security audit. The audit covers the entire system being audited.  

    What documentation will I receive after the penetration tests? 

    Grandmetric’s safety reports are detailed and meticulously produced documentation. They include by default: 

    • Executive Summary. 
    • Technical description of the report. 
    • A list of vulnerabilities with classification (high, medium, low). 
    • Vulnerability listing. 
    • Proof of finding for each vulnerability (Proof of Concept) with console dumps or screenshots. 
    • A list of recommendations for each vulnerability.

    Wondering if pentesting is worthwhile? Let’s talk! 

      Talk to our expert


      Marcin Biały advisory architect Grandmetric

      “In today’s world, the methods and so-called vectors of attacks and spreading hazards are exceptionally diverse, not to say – sophisticated. We are faced with an ever-increasing number of possible interfaces, protocols, and interfaces with different parts of the IT environment. This is why all places where a potential attack could occur should be taken into account.”

      Marcin Biały, Advisory Architect | Board Member at Grandmetric

      Learn more about penetrations testing

      See also