
Professional penetration tests

Strengthen your ransomware resilience thanks to controlled hacker attacks!

Penetration testing 

Penetration testing aims to detect vulnerabilities and errors that threaten the security of a system – ICT infrastructure, network, application, or website.   

Pentests should be carried out systematically and can vary in scope, most often forming part of an audit of IT systems and infrastructure. Their main objective is to examine how resistant a network is to intrusion and how effective the security measures in place are.

Black box, gray box, white box tests  

We perform penetration testing at all levels:  

White box or crystal box tests – testers work according to information about the system under test provided by the client.

Black box tests – testers independently obtain the information necessary to compromise systems – this model best reflects an actual cyberattack.

Gray box tests – a hybrid of the two methods mentioned above. 

An essential part of each test is a summary report that describes the problems identified and assesses the risk of occurrence. It includes specific recommendations aimed at their effective elimination.  

Assess whether you would benefit from penetration testing  

Penetration testing should be a mandatory part of your IT strategy if: 

You are the owner or manager of a company that has an IT infrastructure

You store data, especially sensitive and personal data

You want to protect your knowledge, patents, and company know-how 

In your company, at least part of the team works remotely. 

Effects of penetration testing   

You will review the effectiveness of the security features  

You will find out how well your assets are currently protected. 

You will investigate the system’s vulnerability to a potential cyberattack  

You will launch a hacking attack on the infrastructure in a controlled manner. 

You will make the most of your equipment 

You will learn how to get rid of vulnerabilities using existing solutions. 

You will set up a recovery plan 

You will receive detailed recommendations in line with the best security practices. 

You will avoid the costs of a real attack 

Both in terms of image and in terms of stopping production lines or operations. 

You will gain credibility 

You will appear to your business partners as a technologically aware partner that is ahead of the competition. 

How do we conduct controlled attacks?  

Preparatory phase 

  • Defining the needs and establishing the scope of penetration testing, consulting with our experts and defining the client’s problems. 
  • Q&A session with IT managers.  
  • The signing of the audit agreement. 

Penetration tests 

  • Reconnaissance.  
  • Scanning.  
  • Data collection.  
  • Use of detected vulnerabilities to test the resilience of systems.  

Advisory phase 

  • Drafting of a comprehensive report detailing the defined problems and recommending solutions.  
  • Discussion of the report at a dedicated meeting with the customer. 
  • Advisory support for the implementation of security recommendations.
  • Optional re-testing.  

Penetration tests – FAQ  

How often should penetration tests be conducted?  

It is best to do this periodically, at least once a year, and whenever changes are made to the systems. After the pentest phase, it is also worth performing a re-test, i.e. verification of the changes made (checking that they have been implemented correctly and have not led to new security vulnerabilities).   

How long does pentesting last? 

A pentest, depending on the type, size, and complexity of the structure being tested, can take from a few days to several weeks.  

How do you check the competence of pentesters?  

The technical competence of pentesters is confirmed by certifications issued by international cybersecurity organizations. Their participation in projects similar to yours is also important.

What is the difference between a security audit and a penetration test?  

A penetration test deals only with a specific part (infrastructure, application, network or website) and is itself part of a security audit. The audit covers the entire system being audited.

What documentation will I receive after the penetration tests? 

Grandmetric’s security reports are detailed, meticulously produced documentation. By default, they include:

  • Executive Summary. 
  • Technical description of the report. 
  • A list of vulnerabilities with classification (high, medium, low). 
  • Vulnerability listing. 
  • Proof of finding for each vulnerability (Proof of Concept) with console dumps or screenshots. 
  • A list of recommendations for each vulnerability.

Wondering if pentesting is worthwhile? Let’s talk! 


    “In today’s world, the methods and so-called vectors of attacks and spreading hazards are exceptionally diverse, not to say – sophisticated. We are faced with an ever-increasing number of possible interfaces, protocols, and interfaces with different parts of the IT environment. This is why all places where a potential attack could occur should be taken into account.”

    Marcin Biały, Advisory Architect | Board Member at Grandmetric
