Penetration tests are a common alternative name for the lesser known, but more accurate term “Vulnerability Assessment”. Vulnerability Assessments are tasked with analyzing a specified target for vulnerabilities. Penetration testing originates from the military jargon and refers to an operation, where a targets penetration is the goal. This differs from a vulnerability assessment, as the operation is deemed successful once the targets security has been breached, whereas a vulnerability assessment doesn’t focus on breaching, but rather on identifying as many vulnerabilities as possible.
Describes the attempt of breaking into a system within a certain time frame.
Describes the analysis of a target to find as many vulnerabilities as possible.
The term Penetration Test has however been adapted in the IT security industry as an alias for vulnerability assessments, and bears the same meaning. While penetration tests in the original meaning do make sense and are being done to test the defensive capabilities of networks and applications which are already considered secure, most customers who use the term are initially more interested in vulnerability assessments.
Our Red Team members are experts in offensive security. The best way to test your applications and networks against attackers, is by analyzing them from an attacker’s point of view. If you need to evaluate your security status and test your defense against malicious acts, then our Penetration Tests are exactly what you need. Our Red Team is specialized in testing the following areas
Whether you want to ensure the protection of your website or need an in-depth analysis of a featureful web platform, our Red Team experts are there to help.
Hosts and networks often sport a number of vulnerabilities which can be misused by attackers to gain access to servers and networks, and lead to further compromisation.
Not only can we test your defense but we also can teach your staff to look for vulnerabilities and flaws themselves. We will happily share our knowledge and expertise with your specialists.
Often times penetration tests, or pentests for short, are sold as the solution to all your security problems, which is of course not the full truth. Penetration tests rather serve a very simple purpose.
Evaluate the current vulnerability status of an application, host or network.
Penetration tests provide you with an evaluation of the current security status. This evaluation can help you to
Close all discovered mid- to high risk vulnerabilities to prevent imminent threats from ruining your product or business.
Close low-risk vulnerabilities and apply system hardening based on the reported results
Our verification serves as proof that all discovered risks have been taken care of.
This flowchart describes the usual process of a penetration test from our customer's perspective to systematically identify vulnerabilities. We hope that this will give you an idea of how we operate and what our services include. For more detailed information on our penetration test workflow, we recommend reading our blog post What is penetration testing?.
Free of charge
The kickoff meeting is used to discuss the detailed scope of the penetration test and answer open questions.
In order to avoid disruptions during testing, login credentials and the application are checked for functionality.
In this phase, our red team systematically analyzes the target using both manual and automated tools, where best applicable.
A detailed documentation, containing suggestions for improvement and a management summary is handed out.
Optional – Blue Team
In this optional stage, our blue team experts help you close open vulnerabilities and apply best practices based on the report.
This optional services is for our customers who don't employ their own security professionals and are having trouble finding the best way to handle the discovered vulnerabilities.
Optional - Red Team
In this stage, we verify that the vulnerabilties have been closed properly, and no new issues have been introduced in the process.
While this stage is also optional, we highly recommend the retest as it is allows for verification of newly implemented security measures without requiring much of an effort.
Free of charge
Finish the assignment with a short discussion about the assignment, answer open questions and provide feedback and advice.
Our communication channels are always open. If you have question, be it during any stage of the penetration test, before or afterwards, contact us and we will be happy to help.
We founded LastBreach because we want to change the way security is being done today. To that end, we want to focus on improving security in the following areas in addition to the protection that it already offers.
We focus on actions which protect and support your business and won't get in the way of every day workflows.
Good security measures depend on good workflows. We help you adjust your processes to reflect your requirements not just now, but also in the future.
By designing security so that users want to work with, instead of against it, we make sure that everyone is part of your security solution.
We are always there to help, every step of the way, from beginning to end. Everything we do is transparent to our customers and we always there for questions.