/ About Penetration Tests

Penetration tests are our favourite — we love the challenge! We have perfected our testing method through years of experience because we know just how important it is for an organization to test, defend, or perform risk assessments of their infrastructure.

The goal of every project is to perform a security assessment to help the organization understand their current security posture (status) and identify potential weaknesses.

Here is how we work:

We start as black box testing and move to grey and white box, depending on the progress of the vendor, and vulnerabilities that can be exploited. The scope of work involves doing a complete assessment of the information security posture of your network coverage as well as the configuration review for the chosen amount of routers. Below we have outlined our four-phase approach to penetration testing.

Every penetration test comes with recommendations for secure configurations of particular solutions. Use our penetration tests as a testing method on a regular basis or as a one-time solution. No entry point is unimportant. No test too small! Let the games begin!

Phase 1:

Reconnaissance

The black hat uses a variety of sources to learn as much as possible about the target business and how it operates, including:
  • Domain name management/search services
  • Non-intrusive network scanning
  • Services recognition
  • Creating a network map
  • Used software recognition
The activities in this phase are not easy to defend against. Information about an organization finds its way to the Internet via various routes. Employees are often easily tricked into providing tidbits of information, which, over time, slowly completes the puzzle of processes, organizational structure, and potential soft spots.
Phase 2:

Scanning

The objective here is to test for the possibility of a network breach by a trusted source and to determine just how far this source can get, if they gain access. A detailed security analysis will be carried out on the servers and network assets that are accessible through the trusted source. Once the attacker has enough information to understand how the business works and what information of value might be available, he or she begins the process of scanning the perimeter and internal network devices looking for weaknesses, including:
  • Open ports
  • Open services
  • Vulnerable applications, including operating systems
  • Weak protection of data in transit
  • Make and model of each piece of LAN/WAN equipment
Phase 3:

Gaining Access

The objective of an External Penetration Test is to determine the possibility of an outsider (untrustworthy source) gaining access into the network through the Internet, and to determine just how far they can get, if/once they gain access. The objective of Internal Penetration Test is the same as that of an External Penetration Test, except, it is for those who are a part of a trusted source (part of the government network/internal network). In order to test this, the following steps are performed:
  • Initial tests and main penetration test plan creation
  • Detailed penetration test of requested components (edge routers, IDS/IPS, firewall, website, related servers and services)
  • Vulnerability testing.
Phase 4:

Writing Documentation

Once all tests are conducted and results are collected, the following set of documents will be presented. This post-incident analysis report will include:
  • Executive System Security Report being a high-level overview of the Management. This report will include recommendations for further development of the System.
  • Technical System Security Report being a database of vulnerabilities detected, their interpretation and proposed countermeasures. The technical report will include lists of audited systems, vulnerabilities detected, data gathered during the project and a proposal of technical solutions that can be used during securing and further development of the System.

/ Trusted by

Since many of our projects are confidential, below you can find testimonials from Clients who have agreed to share them.

Paula Januszkiewicz is a true expert. She is not only passionate and knowledgeable professional but also has business thinking. I would recommend Paula and CQURE Team to provide Security Penetration Testing and Training to anyone who is willing to improve the level of security in their organization.

Konrad Hall IT Infrastructure, Islandsbanki

The whole CQURE Team offers the highest quality services. Experts are detailed and well-prepared to projects. We are looking forward to working with the company again at future projects. I strongly recommend services of CQURE.

Tomasz Kedziora Security Director, PLAY

I've used CQURE for Penetration Testing, Internal Security Audits, Security Training, Code Reviews, IIS Configuration and Performance Testing. I found the attention to detail in the final reports provided much value over other vendors I've used in the pasts.

Brian Savage Sr. Network Engineer

CQURE Team is a group of people that are true professional with security in mind. Neuca ordered web penetration tests for two web applications. We recommend CQURE to provide web and infrastructure penetration testing to every organization that requires security check.

Rafal Szewczyk Neuca

CQURE performed for our organization Web Penetration Test. The service they provided was more than satisfactory. As a team they can be characterized by great quality of performed tasks, meeting the deadlines and high professionalism.

Sanni Laine-Luoto Managing Director, Partner, Noventia

We have worked with CQURE on several customer projects that involve various forms of security audits and security awareness training. The result was thorough reports with clear measures to be undertaken to improve the state of security in these companies.

Michele Leroux Bustamante Cofounder and CIO, Solliance

Our Pen Test was conducted by CQURE on-site MELA Sciences. They were very extremely thorough in checking our security, configuration and performance. This would be the second year I've used CQURE and I believe that the work that is conducted provides MELA Sciences a complete assessment of potential threats and vulnerabilities.

Ken Wong Director of IT, MELA Sciences