Pentest is a method where one analyses an application from an attackers perspective. A number of attacks are performed with both standard tools and methods made for your environment.
Internal networks seldom have the security as resources exposed externally. By having control of the security in your internal network you can prevent serious incidents early on.
Source code review is a powerful method to find vulnerabilities that are normally hard to detect. If we perform an assessment of an application we always recommend having access to the source code.
So how does it work? We try to keep things as uncomplicated as possible and an assessment works best if there is good communication right from the start. We recommend that a video meeting is booked a few days before the work is scheduled to start, so that discussions can be had around how the assessment execution. In almost all cases one starts with giving the consultant access to the relevant resource such as user accounts for the application, source code, and documentation if such exist. A contact person is assigned on both sides in case something happens or if anyone has any questions. When the assessment is nearing its end the consultant will write a well-written and easy to follow report with all the findings made. After the report has been delievered it is recommended to book a new video meeting where the consultant will go through the report together with the customer and discuss potential solutions. If you have any questions please do not hesitate to contact us.