Category Archives: Solutions

Internal Security Audit: What to Know About It

When we talk about computer attacks, we often think of an activist or a criminal sitting in front of a screen on the other side of the world. Yet half of the attacks involve internal actors, according to the Insider Threat Report 2018. In fact, 58% of respondents confirmed that they had suffered a cyberattack related to the internal threat. Protecting yourself against attacks from the inside is therefore just as important as defending yourself from the outside.

Description

During an internal security audit, penetration tests are conducted from inside the company or sometimes through a VPN. Most of the time, pentesters go to the company’s buildings, bring their equipment and put themselves in the shoes of an internal attacker.

Social Engineering: Experience feedback!

We have been conducting social engineering attacks for around 3 years (legal attacks for clients, it is our job, no worry 😉 ). During these three years, our pentesters (security experts) tried various techniques, scenarios and pretexts. We have learned lessons from our experience, and our clients shared with us what they learned too. We are sharing them now with you.

1/ Social engineering in a nutshell

Before starting, let’s remember what social engineering is:

What does a penetration test vs a vulnerability scanner bring?

Both are said to be the best allies of CISOs (and, in general, of people in charge of IT security). They are, though, two different tools in a security strategy. What are the characteristics of each?

Let’s start with the vulnerability scanner.

It is software programmed to run tests on your platform, on your information system, etc., to detect vulnerabilities. A scanner identifies vulnerabilities thanks to its database of known vulnerabilities and common security issues. Scanners go through networks, services, applications, etc.

First characteristic: the tests are automated. This means they are fast, and a whole system can easily be tested in a few hours or days, depending on its size.

Mobile Application Penetration Testing: What is it? And How Does it Work?

As mobile apps are used more and more in every field of activity, they also become more and more interesting to malicious attackers. Apps therefore need strong security, just as websites do. That’s why we do mobile app penetration testing that takes their specificities into consideration.

Objective of Mobile Application Penetration Testing?
