A security expert performing a penetration test applies real-life attacks, as if they were performed by an adversary/attacker. The penetration tester identifies and combines seemingly inconspicuous vulnerabilities to develop exploitable paths into the target system and to core assets such as personal data, bank account data, health data, etc. Penetration testing requires state-of-the-art knowledge, experience, imagination, creativity and intuition, like any other art. Do you know an artist who thinks like an attacker? This is our profession and what customers benefit from.
eShard believes in penetration testing as a powerful tool for effective risk management. To analyse a system in depth and determine potential risks, eShard performs penetration tests in a team. Depending on the required skill set, the pentest team may include recognized experts in their subject matter, e.g. in crypto or reverse engineering. Our pentest team members dedicate a significant amount of their working time to research, which enables us to provide state-of-the-art services.
A pentest with eShard does not stop with the report and support during remediation. We additionally provide insights into potential weaknesses in the development & deployment processes to enhance organizational security maturity. Pentesting projects are delivered using the PMI PMBOK methodology.
Key to the success of any pentest is a well-defined scope. Bad scoping may reduce the value of the penetration test, as real-world attackers won’t care about the scope (and time). Or it may result in avoidable extra time and costs.
Therefore, eShard makes sure that the scope is well defined and agreed before the actual project starts, and that it is constantly reviewed during the project, in line with the PMI PMBOK project management methodology.
Mobile applications and IoT devices connect to backend systems via REST, SOAP or other API endpoints. Assessing the endpoint resilience requires e.g.
Web applications are used everywhere and are the common interface to end users and customers. The WAPT addresses both parts of a web application: the server side as well as the client side. Known server-side technologies include Java, PHP, Python, Ruby and Rust (?), with JavaScript for client-side web applications. Where applicable, eShard considers WebViews as a client technology that is frequently used in mobile applications.
Applications do not run in isolation but require underlying operating systems, networks and management components that form the glue. This includes e.g.