Our White Hat Hackers Discover Vulnerabilities
Before the Bad Guys Can Exploit Them.

Why Penetration Testing

$3.62 million: the average cost of a corporate data breach in 2016.
$245: the average cost for each lost or stolen record containing sensitive and confidential information in 2016 in financial services.
More than 24,000 records: the level to which the average size of data breaches increased in 2016.
Source: 2017 IBM Data Breach study
72% of all fraud cases involving mobile banking apps included remote deposit capture (RDC) and the use of fraudulent checks.
Source: Guardian Analytics

Out of All the Web Applications Tested by Etnetera

displayed at least one high-risk or critical vulnerability
contained cross-site scripting vulnerability
contained at least one vulnerability leading to PII disclosure
"We’re In, Now What?"


Our Services

Vulnerability Assessment

A Vulnerability Assessment identifies, classifies, and evaluates potential security weaknesses in systems and applications.

The test is performed using special tools called “vulnerability scanners” that detect weaknesses within the tested infrastructure. Such scans also report a large number of false positives. That’s why our assessment also includes quick validation of the findings by a penetration tester.

Web Application Test

The Web Application Penetration Test is a must for any company on the Internet.

Our test uses OWASP methodology, which is rapidly becoming the industry’s standard as it is effective in identifying the most common vulnerabilities.

Mobile Application Test

As IT shifts towards Mobile Applications, the hackers will follow.

The Mobile Application Penetration Test is designed to find vulnerabilities and security deficiencies in mobile applications for both Android and iOS platforms. The test follows OWASP MASVS methodology designed specifically for mobile applications.

The External Penetration Test

The External Penetration Test of infrastructure evaluates IT resources exposed to the Internet.

Websites are not the only things exposed to the Internet and hackers know it. This test focuses on exposed infrastructure, such as remote management, email servers, or data transfer services.

The Internal Penetration Test

The Internal Penetration Test takes the web and external infrastructure tests a step further.

The test assumes the identity of a hacker attempting to breach internal resources. Its purpose is to test the applications and defenses behind the corporate perimeter.

OSINT & Phishing

Open Source Intelligence (OSINT) is a process of gathering information from publicly available sources. OSINT, in combination with Phishing, reveals how employees are prepared for social engineering attacks.

This test is designed to discover how much internal information the company leaks without knowing it. This information is then used to hack the company without actually hacking anything.

Wireless Penetration Test

Intra-office wireless communication is growing in prominence. However, misconfiguration or the omission of strict security standards often leads to breaches within the corporate perimeter, giving hackers easy access to the internal infrastructure.

Wireless Penetration Tests validate the setup of wireless infrastructure to ensure that the best security standards are used.

Security Packs

Basic
Recommended for:
- Proper patch deployment
- A quick overview before an acquisition
- A quick analysis after significant changes to infrastructure

Essential (Best seller)
Online Retail, Social Sites, Gaming Sites, Company websites and intranets
Recommended for:
- Internet based companies
- The bare minimum for eshops, social media sites, or any company that retains personal customer information
- Should follow all significant changes to infrastructure

Premium (Best value)
Financial and Insurance Institutions, Healthcare, Entertainment and Media
Recommended for:
- Any company with extensive infrastructure
- The bare minimum for any larger company that retains personal or financial information
- Prior to any larger acquisition as part of due diligence
- Necessary annual analysis of financial institutions

Custom
Whatever you need

| Service | Basic | Essential | Premium |
| --- | --- | --- | --- |
| Vulnerability Assessment | yes | yes | yes |
| A Report with Recommendations Based on the VA | yes | yes | yes |
| Web Application Test | no | yes | yes |
| External Infrastructure Test | no | yes | yes |
| Mobile Application Test (if applicable) | no | yes | yes |
| (D)DoS Protection Test | no | yes | yes |
| Internal Infrastructure Test | no | no | yes |
| Wireless Test | no | no | yes |
| OSINT+Phishing | no | no | yes |
| Performance Tests | no | no | yes |

We use industry standards for penetration tests (OWASP and PTES)

Our penetration testers hold prestigious security certifications, including CEH and CompTIA Security+

How it works

It's all done in 30 days after scope definition



Pre-Engagement Interaction

- Definition of Scope
- Goal Settings

The testing team works with the client to define the scope and goals of the engagement (for example, for a payment gateway, the main goal would be to exfiltrate client data or modify transactions), finalize any necessary NDAs, and complete all legal requirements.

Intelligence Gathering

- Analysing the Client’s Public Information
- Establishing the Target

The team gathers all the publicly available information about the target. This information is categorized and processed to create a comprehensive map of the targeted application/infrastructure.

Threat Modeling

- How to Complete the Test’s Goals

Taking into account the collected information, the team decides how to attack the target, thus establishing threat vectors with the highest probability of success.

Vulnerability Analysis

- Identifying the Available Avenues of Attack

After identifying the threat vectors, the team analyses the target to figure out how to achieve the desired goals, thus creating a solid plan of attack.

Exploitation

- Performing the Attack

The exploitation phase is the culmination of the previous phases in a working proof of concept. The team aims to achieve exploitation without being detected.

Post-Exploitation

- Analysis of the Exploited Target
- Moving Towards the Test’s Goals

As in the real world, the team performs all the necessary steps to exfiltrate/compromise the targeted information, collecting any further information needed to achieve the goal of the test. This phase is crucial to illustrate the impact of the vulnerabilities discovered.

Reporting

- A Comprehensive Description of the Discovered Vulnerabilities
- Recommendations to the Client

To help the client remediate the detected vulnerabilities, the team creates a comprehensive report listing all the findings, their impact, and proofs of concept that illustrate real-world application. The scoring of vulnerabilities is designed to help the client establish a risk management approach that deals with the most pressing deficiencies first.

Fixes

- Client’s Remediation of the Reported Vulnerabilities

The client remediates the uncovered vulnerabilities based on the report and recommendations from the previous phase.

Retesting

- Validation of Solutions
- Retesting is free

The team performs the exploitation phase a second time, verifying that the fix phase was effective and successful.

Who we are

We are IT security specialists with over a decade of experience
We represent a company founded in 1997 that now has over 400 employees
Our testers hold prestigious certificates such as CEH - Certified Ethical Hacker, RHCE - Red Hat Certified Engineer and CompTIA Security+

Contacts


US Office
Etnetera Group US
44 Tehama St
San Francisco
CA 94105, USA

Roman Horáček

roman.horacek@etneteragroup.com
+1 415 323 8343
