SM Protection offers thorough pen test services in “black box” (with no knowledge of your system and network configuration), “semi-black box” (with limited knowledge of your system and network configuration), and “white box” (with a good knowledge of your system and network configuration) modes. The purpose of these tests is to assess the level of security and validate the maturity of your applications, systems, or network (wired and wireless) against malicious attacks from the Internet, WiFi or the internal network of your company.
For a given test scope, in addition to the applications concerned, we will also evaluate the system configurations on which these applications are based and their interactions with other systems and applications connected by services or data exchange links.
At the end of the penetration tests, we will provide a report detailing the faults found, how we exploited them, and possible solutions, along with our recommendations on improving the architecture of your systems if necessary. The faults found will be ranked from the most critical to the least critical.
We offer a world-class service that respects the professional ethics of this industry. We are willing to sign any non-disclosure and confidentiality agreement covering the information that comes into our possession through the penetration tests.
The top 10 most critical web application security risks according to OWASP for 2017 are:
A1 SQL Injection
A2 Broken authentication and session management
A3 Cross-Site Scripting (XSS)
A4 Broken Access Control
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Insufficient Attack Protection (New)
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Underprotected APIs (New)