External
A cybersecurity assessment that focuses on identifying vulnerabilities and security weaknesses from an external perspective. It simulates how potential attackers might attempt to breach an organization’s systems, networks, and applications.
Typically, this test includes the evaluation of internet-facing assets, such as web applications, email servers, firewalls, and network infrastructure, with the aim of discovering and remediating vulnerabilities before malicious actors can exploit them.
Internal
A cybersecurity assessment conducted from within an organization’s network to identify vulnerabilities and assess the effectiveness of internal security controls. This typically covers the assessment of internal network segments, servers, databases, and applications.
The primary goal is to identify and remediate security vulnerabilities, misconfigurations, and weaknesses that could be exploited by a malicious insider or an attacker who has already gained access to the internal network, providing evidence of compliance for regulatory requirements and certifications (PCI-DSS, SWIFT-CSP, ISO27001 and others).
Wireless
A penetration testing exercise aimed at uncovering vulnerabilities that could lead to unauthorized access, data breaches, or interference with wireless communication. The scope of wireless network penetration testing includes the assessment of wireless access points, routers, authentication mechanisms, encryption protocols, and the overall wireless network architecture.
Cloud
A cybersecurity assessment focused on evaluating the security of an organization’s cloud-based infrastructure and services. It simulates attacks and vulnerabilities that may affect cloud resources, such as containers, virtual machines, storage, databases, and applications.
This exercise covers cloud services and configurations, identity and access management, data storage and encryption, network security, and authentication mechanisms. The primary objective is to identify vulnerabilities specific to the cloud environment that could lead to data breaches, unauthorized access, or the compromise of cloud-based assets. Testing may also assess compliance with cloud security best practices and adherence to cloud service provider security controls.
Custom
Customized penetration testing services designed to assess the security of hardware, firmware, IoT devices, and specific communication protocols through reverse engineering, delving into the security of unique, often proprietary, and embedded systems. It involves disassembling and analyzing the firmware and hardware of IoT devices, kiosks, or specialized smart devices to uncover vulnerabilities, hidden features, and potential weaknesses.