First things first. You have to know the scope of testing. Penetration testing is a widely used term and can mean many different things. Is it a web application only? Does it include a source code review? Is infrastructure involved? A cloud application with Azure or AWS? Trying to get a complete overview of issues or is there a goal driven approach, where the assessment tries to actually break into an organization and steal crown jewels? All these examples can fall under the term penetration testing if you want.
We are here to help you, each step of the way. Using a unique approach to prepare, execute and deliver is what makes bluedog unique. The entire process is closely governed and controlled by skilled professionals with dozens of years of experience in the field.
No, it isn’t. We live in a mobile world now, where responsive, single page applications with front and backends are flourishing.
It’s all about business logic bypasses and authorization or authentication flaws inside applications. Can you do something with a backend API that you are not supposed to; building a malicious app around that API? This is the kind of problem that requires human intelligence, not a tool.
Security testing is done by technical experts, who know how to break into an application or network with ease. But the end result for all of these assessments is still a report that is used within organizations to assess and mitigate risks identified during these assessments.
What we do at bluedog when it comes to writing reports, is to look at the business risk and impact for the issues that have been identified. Not only on an individual basis, but more so what will happen if individual issues are combined into a chained attack.
REST/API Interfaces Pen Testing
Active Directory Pen Testing
Mobile Application Pen Testing
On-Premise Penetration Testing