Penetration Testing
One of the cornerstones of the Secure Development Life Cycle (SDLC) is the verification of device security, which can be achieved by third-party penetration testing.
The goal of penetration testing is to identify weaknesses through in-depth testing.
​
We propose a variety of penetration tests to assess the security of a system or device, depending on the customer’s security requirements.
They are intended to circumvent device security policies and include software, firmware, and hardware techniques, both non-invasive and invasive.
Conducting a Penetration Testing Campaign
The exact way we conduct the Pen Test can be adjusted based on our customer’s needs. Generally, we proceed by following these steps:
-
We identify the main objectives and duration of the testing campaign. We understand if the test should be open box or closed box.
-
We receive all the inputs needed for the test: this can be code, documentation, the device under testing and specific elements needed for the test setup.
-
We execute the testing campaign, either in the laboratory in our office or at the customer's premises.
-
We deliver the final report and presentation of the results, including suggestions on how to address the weaknesses found.
Conducting a Penetration Tes
The exact way we conduct a Pen Test can be adjusted based on our customer’s needs. Generally, we proceed by following these steps:
-
We discuss the main objective and duration of the testing campaign. We also decide if the test will be open box or closed box.
-
We receive all the inputs needed for the test, this can be code, the final device, or other elements to set up the test environment.
-
We execute the testing campaign, either in the laboratory in our office or at the customer's premises.
-
We deliver the final report and presentation, with the main findings and suggestions for improvement.
Sophisticated Equipment
Using the equipment in our lab, such as our EMFI or Side-Channel setup, our skilled pen testers will perform sophisticated tests, mimicking the behaviour of attackers.
Examples of techniques adopted during our penetration tests are fault injection, side channel attacks and protocols/API fuzzing.
Or Discover our Penetration Testing Training
Penetration testing is a manual activity performed by a security expert to evaluate the target security. The goal is to find previously unknown vulnerabilities, both in software and hardware.
During the training, we present the main tasks covered during a penetration testing activity. Specifically, leveraging a vulnerable IoT device, we discuss the methodology and present several practical tools for analyzing an IoT device.