Who’s testing? Midland Circle..
This service is provided by our sister company Midland Circle (www.midlandcircle.com). These activities are a specialization in itself, for which they have the expertise and certifications.
Unique in pen testing according to standards frameworks
Is your company leaking information? You do not want to have business-critical information out in the open. After all, being hacked can be disastrous for your organization. To make sure you have your digital security in order, a penetration test is a must. A penetration test or pen test provides valuable insights that your organization can use to strengthen information security.
Why a penetration test (PENtest)?
You probably protect your data or information by means of firewalls, IPS systems or virus scanners. But can you fully rely on this? Hackers are unpredictable and are becoming more innovative and creative.
As a company, you cannot avoid adjusting your security measures accordingly. Whether it concerns business-critical information, financial transactions, personal data or the availability of your organization, you want to prevent this data from being released at all costs. The reasons to have your systems tested:
- Be one step ahead of hackers (proactive security)
- Manage your security risks
- Promote your compliance (standards frameworks of BIO/ENSIA, DigiD, ISAE or SOC, ISO 27001/NEN 7510)
- Outsmart hackers
With a penetration test, your company is better able to withstand hackers. You should always assume that an IT infrastructure, application or device has leaks. A pen test provides you with improvements that make your organization safer and reduce risks.
Thanks to our expertise, we detect these vulnerabilities during a penetration test. Together with you, we determine the goals of the test. Usually it’s about securing access to your most sensitive information or business processes. Our experts try to get through to the systems you use for this. This can be, for example, a new server, or a web application or website.
How does a penetration test work?
Scan, test, report, advise, implement and retest
A pen test consists of different phases:
- Together with you, we determine the purpose of the test.
- We collect information about the application or the network.
- We scan the application or network for the most recent and current vulnerabilities.
- The pen testers manually try to penetrate deeper into the application or network. Are there any ports that are open? Is there any information that can be extracted from this and, if so, which one? And are there exploits (known vulnerabilities) for the software in question? We also look at programming errors, authorization checks or the possibility to take over sessions.
- You will receive a report containing our advice.
- We will discuss the options based on the report.
- We fix the vulnerabilities found.
- We perform a retest to ensure that any leak has been sealed.
Midland Circle tests the 10 most important vulnerabilities
In every pen test that Midland Circle performs, they work with the OWASP method. This means that they test the web application for the 10 most important types of vulnerabilities. But of course they don’t forget the lesser known vulnerabilities either.
They use three basic strategies for conducting a pen test. Which one is most suitable depends on the demand and the circumstances.