gradient-shade
logo-outline

PENETRATION TESTING

A penetration test is an engagement for assessing the security posture of your organization. Our team of certified penetration testing professionals, Obrela Labs, safely exploits any weakness found within your digital universe, giving you critical insight into how your remediation efforts need to be prioritized. OBRELA Labs excels in conducting thorough and intensive security examinations and offers an array of penetration testing services.

  • OVERVIEW

    OVERVIEW

    Our penetration testing services provide a transparent, practical perspective on the potential areas and methods through which attackers might leverage vulnerabilities within your cloud infrastructure, networks, applications, staff, and procedures. Our goal is to ensure that you are confident in your security controls, allowing you to focus on your core business activities with assurance and confidence in knowing that you have eliminated cyber security blind spots.

TYPES OF PENETRATION TESTING SERVICES

Web Application Testing
logo-outline

  • The Web Application Penetration Testing simulates a malicious application user that attacks the application in scope – assuming knowledge of credentials by attempting to circumvent the application’s logic or by taking advantage of potential application’s security weaknesses in order to obtain unauthorized access to the data served by the application with respect to the confidentiality, integrity and availability of the latter.

    More specifically, the attack vectors within the context of the testing will evaluate the ability of a malicious user to:

    • Obtain unauthorized access to sensitive data
    • Modify, corrupt or destroy data
    • Attack application’s users
    • Perturb the application and its components
    • Change or introduce software, malicious or otherwise

    The objective of the testing is (a) to discover – in depth – and exploit any security weaknesses on the application, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to mitigate the associated risk.

    In-depth, fully OWASP compliant manual assessment on every area of interest i.e. Authentication, Session Management, Access controls, Input validation, Business Logic, is performed by Labs’ highly skilled and certified Penetration Testers. Exploitation upon authorization is included in order to identify synergies among identified vulnerabilities.

    The testing is conducted by combining industry leading automated testing tools, along with Obrela Labs’ manual testing methods that aim to identify and exploit vulnerabilities according to the OWASP framework

  • image

  • The External Black Box Penetration Testing simulates an external actor from the internet, without any previous knowledge of the infrastructure and/or configuration, that attacks the external facing network services on the target perimeter. The approach is goal oriented and aims to demonstrate the maximum impact of a successful attack that could allow a third party to obtain unauthorized access to the data served by the systems in scope with respect to the confidentiality, integrity and availability of the latter.

    More specifically, the attack vectors within the context of the Penetration Testing will evaluate the ability of an external actor to:

    • Obtain unauthorized system or network privileges
    • Obtain unauthorized access to sensitive data
    • Modify, corrupt or destroy data
    • Eavesdrop network communications
    • Change or introduce software, malicious or otherwise

    The objective of the Penetration Testing is (a) to discover and exploit security weaknesses on the perimeter in scope, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to in order to mitigate the associated risk.

    The Penetration Testing is conducted remotely, by combining industry leading automated testing tools along with Obrela Labs’ manual testing methods that aim to identify and exploit both known and unknown software flaws, misconfigurations and operational/control weaknesses while the testing is focused on in-depth coverage.

  • image

  • The Internal Penetration Testing services simulates a malicious agent (e.g. employee, vendor, contractor) that has access on the internal network, without previous knowledge of the infrastructure and/or configuration – attacking the internal corporate network and systems. The approach is goal oriented and aims to demonstrate the maximum impact of a successful attack initiated from the internal network that could allow an attacker to obtain unauthorized access to the data served by the systems in scope with respect to the confidentiality, integrity and availability of the latter.

    More specifically, the attack vectors within the context of the Penetration Testing will evaluate the ability of an internal actor to:

    • Obtain unauthorized system or internal network privileges
    • Obtain unauthorized access to sensitive data
    • Modify, corrupt or destroy data
    • Eavesdrop network communications
    • Change or introduce software, malicious or otherwise

    The objective of the Penetration Testing is (a) to discover and exploit security weaknesses on the internal network, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to mitigate the associated risk.

    The Penetration Testing is conducted by combining industry leading automated testing tools  along with Obrela Labs’ manual testing methods that aim to identify and exploit both known and unknown software flaws, misconfigurations and operational/control weaknesses, while the testing is focused on in-depth coverage.

  • image

  • The Mobile Application Testing simulates a malicious application user that attacks the application in scope – assuming knowledge of credentials – by attempting to circumvent the application’s logic or by taking advantage of potential application’s security weaknesses in order to obtain unauthorized access to the data served by the application, with respect to the confidentiality, integrity and availability of the latter.

    More specifically, the attack vectors within the context of the testing will evaluate the ability of a malicious user to:

    • Obtain unauthorized access to sensitive data
    • Modify, corrupt or destroy data
    • Perturb the application and its components
    • Change or introduce software, malicious or otherwise

    The objective of the testing is (a) to discover -in depth- and exploit security weaknesses on the application, (b) to identify the level of risk associated with these weaknesses and (c) to recommend countermeasures to mitigate the associated risk.

    Includes in-depth, pre- and post authenticated content of the server-side part of the application, its roles and the client application on user’s mobile phone. Fully OWASP compliant, Obrela’s highly skilled and certified Penetration Testers perform manual assessment on every area of interest i.e. Authentication, Session Management, Access controls, Input validation, Business Logic. Exploitation upon authorization is included in order to identify synergies among identified vulnerabilities.

    The testing is conducted using a combination of industry leading automated testing tools along with Obrela Labs’ manual testing methods that aim to identify and exploit vulnerabilities according to OWASP framework.

  • image
  • OUR METHODOLOGY | OWASP FRAMEWORK

    OUR METHODOLOGY | OWASP FRAMEWORK

    In-depth, fully OWASP compliant manual assessment on every area of interest i.e. Authentication, Session Management, Access controls, Input validation, Business Logic, is performed by Obrela Labs’ highly skilled and certified Penetration Testers. Exploitation upon authorization is included in order to identify synergies among identified vulnerabilities.

    The penetration testing service is conducted by combining industry leading automated testing tools, along with Obrela Labs’ manual testing methods that aim to identify and exploit vulnerabilities according to the OWASP framework.

A CREST CERTIFIED COMPANY

  • CREST CERTIFIED

    Obrela Labs proudly holds CREST certification, a global mark of excellence in the field of cybersecurity. This certification demonstrates Obrela Labs’ unwavering commitment to maintaining the highest standards of professional competence and ethics within the industry.

    seventy-thirty-card-img

ABOUT CREST

  • CREST Certification: A Global Benchmark

    CREST certification is recognized internationally as a benchmark of excellence in cybersecurity. It signifies that Obrela Labs has met stringent criteria for technical expertise, ethical conduct, and a commitment to ongoing professional development.

  • Expertise and Cutting-Edge Knowledge

    By achieving CREST certification, Obrela Labs showcases its exceptional expertise in areas such as penetration testing and simulated target attack and response (STAR) penetration testing. This certification is a testament to the team's advanced knowledge of the latest tools, tactics, and procedures in the ever-evolving cybersecurity landscape.

  • Client Confidence and Assurance

    For clients, Obrela Labs' CREST certification provides peace of mind. It assures them that they are partnering with a trusted organization that adheres to the highest industry standards. With this certification, clients can trust that their cybersecurity needs are in the hands of true professionals who are committed to delivering the best possible service.

  • Continued Commitment to Excellence

    Obrela Labs' pursuit of CREST certification exemplifies its ongoing dedication to excellence in the field of cybersecurity. It is a commitment to continuously enhancing its capabilities, staying up-to-date with emerging threats, and ensuring that clients receive the most effective and reliable cybersecurity solutions available.

ACCREDITATIONS

  • logo-icon
  • logo-icon
  • logo-icon
  • logo-icon
Book a Demo