Full-scale audits aim to cover businesses’ whole digital and physical presence. Including Penetration Testing, Red Teaming and Social Engineering services.
Penetration Testing is an authorized cyber attack simulation targeting companies’ digital presence such as Web applications and IT infrastructure. It is aimed to reveal and mitigate security vulnerabilities and risks.
Black Box, Grey Box and White Box.
Black Box is done without sharing any information about internal structure and applications implementations
Grey Box is done with partially sharing information about internal structure and applications implementations
White Box is done with full access to internal infrastructure and applications’ source codes.
While both Penetration Testing and Red Teaming are cyber attack simulations, Penetration Testing has scope and tool limitations, whereas Red Teaming is mimicking real-world hacker mentality. During Red Teaming experts can use a wide variety of techniques including Social Engineering or physical interference.
Web application audit is aimed to reveal vulnerabilities and possible attack vectors and present further mitigation recommendations.
Source code analysis consists of three stages: static analysis using SAST tools, manual analysis conducted by security experts and dynamic analysis/fuzzing. Audit targets are to find vulnerabilities and code inefficiencies and suggest strategies to remediate them.