OVERVIEW
Our penetration testing services provide a transparent, practical perspective on the potential areas and methods through which attackers might leverage vulnerabilities within your cloud infrastructure, networks, applications, staff, and procedures. Our goal is to give you confidence in your security controls, so that you can focus on your core business activities knowing that you have eliminated cyber security blind spots.
TYPES OF PENETRATION TESTING SERVICES
The Web Application Penetration Testing simulates a malicious application user that attacks the application in scope – assuming knowledge of credentials – by attempting to circumvent the application’s logic or by taking advantage of potential security weaknesses in the application in order to obtain unauthorized access to the data served by the application, with respect to the confidentiality, integrity and availability of the latter.
More specifically, the attack vectors within the context of the testing will evaluate the ability of a malicious user to:
- Obtain unauthorized access to sensitive data
- Modify, corrupt or destroy data
- Attack the application’s users
- Perturb the application and its components
- Change or introduce software, malicious or otherwise
The objective of the testing is (a) to discover – in depth – and exploit any security weaknesses on the application, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to mitigate the associated risk.
In-depth, fully OWASP compliant manual assessment on every area of interest, i.e. Authentication, Session Management, Access controls, Input validation, Business Logic, is performed by Obrela Labs’ highly skilled and certified Penetration Testers. Exploitation upon authorization is included in order to identify synergies among identified vulnerabilities.
The testing is conducted by combining industry-leading automated testing tools with Obrela Labs’ manual testing methods that aim to identify and exploit vulnerabilities according to the OWASP framework.
The External Black Box Penetration Testing simulates an external actor from the internet, without any previous knowledge of the infrastructure and/or configuration, that attacks the external-facing network services on the target perimeter. The approach is goal-oriented and aims to demonstrate the maximum impact of a successful attack that could allow a third party to obtain unauthorized access to the data served by the systems in scope with respect to the confidentiality, integrity and availability of the latter.
More specifically, the attack vectors within the context of the Penetration Testing will evaluate the ability of an external actor to:
- Obtain unauthorized system or network privileges
- Obtain unauthorized access to sensitive data
- Modify, corrupt or destroy data
- Eavesdrop on network communications
- Change or introduce software, malicious or otherwise
The objective of the Penetration Testing is (a) to discover and exploit security weaknesses on the perimeter in scope, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to mitigate the associated risk.
The Penetration Testing is conducted remotely, by combining industry leading automated testing tools along with Obrela Labs’ manual testing methods that aim to identify and exploit both known and unknown software flaws, misconfigurations and operational/control weaknesses while the testing is focused on in-depth coverage.
The Internal Penetration Testing service simulates a malicious agent (e.g. employee, vendor, contractor) that has access to the internal network, without previous knowledge of the infrastructure and/or configuration, attacking the internal corporate network and systems. The approach is goal-oriented and aims to demonstrate the maximum impact of a successful attack initiated from the internal network that could allow an attacker to obtain unauthorized access to the data served by the systems in scope with respect to the confidentiality, integrity and availability of the latter.
More specifically, the attack vectors within the context of the Penetration Testing will evaluate the ability of an internal actor to:
- Obtain unauthorized system or internal network privileges
- Obtain unauthorized access to sensitive data
- Modify, corrupt or destroy data
- Eavesdrop on network communications
- Change or introduce software, malicious or otherwise
The objective of the Penetration Testing is (a) to discover and exploit security weaknesses on the internal network, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to mitigate the associated risk.
The Penetration Testing is conducted by combining industry leading automated testing tools along with Obrela Labs’ manual testing methods that aim to identify and exploit both known and unknown software flaws, misconfigurations and operational/control weaknesses, while the testing is focused on in-depth coverage.
The Mobile Application Testing simulates a malicious application user that attacks the application in scope – assuming knowledge of credentials – by attempting to circumvent the application’s logic or by taking advantage of potential application’s security weaknesses in order to obtain unauthorized access to the data served by the application, with respect to the confidentiality, integrity and availability of the latter.
More specifically, the attack vectors within the context of the testing will evaluate the ability of a malicious user to:
- Obtain unauthorized access to sensitive data
- Modify, corrupt or destroy data
- Perturb the application and its components
- Change or introduce software, malicious or otherwise
The objective of the testing is (a) to discover – in depth – and exploit security weaknesses on the application, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to mitigate the associated risk.
The testing includes in-depth, pre- and post-authenticated content of the server-side part of the application, its roles and the client application on the user’s mobile phone. Obrela’s highly skilled and certified Penetration Testers perform a fully OWASP compliant manual assessment on every area of interest, i.e. Authentication, Session Management, Access controls, Input validation, Business Logic. Exploitation upon authorization is included in order to identify synergies among identified vulnerabilities.
The testing is conducted using a combination of industry-leading automated testing tools along with Obrela Labs’ manual testing methods that aim to identify and exploit vulnerabilities according to the OWASP framework.
OUR METHODOLOGY | OWASP FRAMEWORK
In-depth, fully OWASP compliant manual assessment on every area of interest i.e. Authentication, Session Management, Access controls, Input validation, Business Logic, is performed by Obrela Labs’ highly skilled and certified Penetration Testers. Exploitation upon authorization is included in order to identify synergies among identified vulnerabilities.
The penetration testing service is conducted by combining industry leading automated testing tools, along with Obrela Labs’ manual testing methods that aim to identify and exploit vulnerabilities according to the OWASP framework.
A CREST CERTIFIED COMPANY
ABOUT CREST
CREST Certification: A Global Benchmark
CREST certification is recognized internationally as a benchmark of excellence in cybersecurity. It signifies that Obrela Labs has met stringent criteria for technical expertise, ethical conduct, and a commitment to ongoing professional development.
Expertise and Cutting-Edge Knowledge
By achieving CREST certification, Obrela Labs showcases its exceptional expertise in areas such as penetration testing and simulated target attack and response (STAR) penetration testing. This certification is a testament to the team's advanced knowledge of the latest tools, tactics, and procedures in the ever-evolving cybersecurity landscape.
Client Confidence and Assurance
For clients, Obrela Labs' CREST certification provides peace of mind. It assures them that they are partnering with a trusted organization that adheres to the highest industry standards. With this certification, clients can trust that their cybersecurity needs are in the hands of true professionals who are committed to delivering the best possible service.
Continued Commitment to Excellence
Obrela Labs' pursuit of CREST certification exemplifies its ongoing dedication to excellence in the field of cybersecurity. It is a commitment to continuously enhancing its capabilities, staying up-to-date with emerging threats, and ensuring that clients receive the most effective and reliable cybersecurity solutions available.
OBRELA LABS SERVICES
PENETRATION TESTING
Obrela Labs Penetration Testing services are carefully tailored to simulate scenarios that assume different attacker standpoints and levels of knowledge regarding the target.
RED TEAMING
The Red Teaming exercise is a long-term adversarial simulation of sophisticated real-world cyber threats. Its objective is to assess the level of readiness of the client’s organization in dealing with attacks by targeted evasive threats, across all stages (Initial Infection, Foothold establishment, Lateral Movement & Privilege Escalation, Data Exfiltration).
VULNERABILITY ASSESSMENT
The Vulnerability Assessment methodology consists of a vulnerability scan against the systems in scope, aiming to identify known software flaws and misconfigurations.