
Penetration testing by Hacken

A penetration test imitates the actions of a malicious user, or a hacker's attack, against a computer system, web application, API or network infrastructure. The aim of this imitation is to assess the system's level of security by exploring the possibilities of gaining access to and/or control over the system's features and data, which would pose a threat of losing financial assets and/or critical data.

Who needs pentest by Hacken?


ICO Startups

The cornerstone of any successful ICO campaign is investors’ trust. How to achieve it? Prove your ICO is safe! It cannot be reached without a secure website or application.

Request penetration testing services to scan your systems for vulnerabilities.

 


IT Companies

Most private information is stored in various applications and business systems which can be targeted by malicious hackers.

Employ a penetration testing consultant to ensure the highest level of security for your product, systems, and applications.

 
 


Enjoy White Hats' quality of service!


We offer cybersecurity services that enable cybercrime prevention for businesses that lack the scale, expertise, or time to do it themselves.
Follow the experience of ICOs and companies that are cyber-protected now!

Why do you need pen testing services?

You may find the answer in the cybersecurity statistics of 2017.

Over 75%

of all legitimate websites contain unpatched vulnerabilities.


$3.62 million

The cost of an average data breach in 2017.


More than 40%

of cyber attacks target small and medium businesses.

What do we check?

Web Application Penetration Testing

For an average user, a web application is a client-server program in a web browser. For a black hat hacker, a web application is an opportunity to steal sensitive data.

Cyber attacks on web apps range from targeted database manipulations to large-scale network disruptions. Some companies never recover from significant data breaches. Flawed coding or failure to sanitize input to and output from a web application can result in massive financial losses, damage to brand reputation, and loss of customer trust. Therefore, every company should ensure its web security; the best way is to hire a white hat hacker.

Solution

Hacken web application penetration testing delivers detailed results that include simulations of criminal attacks showing how an attacker can exploit a vulnerability. We combine automated and manual penetration testing to achieve the most accurate result. Automated tools and scanners discover almost all technical vulnerabilities, while a penetration tester identifies logical vulnerabilities.

It takes the excellent technical skills and experience of a penetration testing company to identify complex flaws in the authorization and business logic of a web app. We provide clients with insightful analysis and recommendations on how to eliminate vulnerabilities.

Mobile Application Testing

Viruses, a man-in-the-middle attack, or a ruined reputation as a result of a data breach: which would you choose?
Hacken suggests mobile app security testing.

Mobile applications are one of the most widespread tools for storing sensitive information, as modern people use mobile apps to access the company’s services. Thus, it is imperative to ensure security at both ends. Mobile penetration testing is the solution to ensure that your client will not fall victim to a positioned attacker who aims to manipulate traffic.

It is pointless to develop an attractive app if there are holes in the servers that store and process customer data. At the same time, completely secure servers cannot save customer data from retrieval or redirection to a remote attacker if an app is insecure.

Solution

Hacken’s mobile app penetration testing provides an insightful security analysis of phone and tablet-based apps. A well-balanced combination of automated and manual penetration testing helps achieve the most accurate assessment compared to other pen testing companies.

Our penetration testers identify vulnerabilities that can be misused to steal funds from customers’ and investors’ wallets or to loot funds from an IT company's account, damaging the reputation of the project.

Network Penetration Testing

The role of servers, employee devices, and routers is usually underestimated when it comes to corporate security.

In fact, black hat hackers target anything that stores, processes, and transmits personal information.

It is unlikely that an average user is aware of the risks connected with his/her Wi-Fi router. However, a mature company should take into account all possible attack vectors. A company’s network may be at great risk due to a wide range of security flaws, including misconfigured software, outdated software or operating systems, insecure protocols and unnecessary exposures.

Solution

Vulnerability research provides comprehensive testing of a company's servers and network infrastructure to ensure that the company is highly protected against a range of cyber threats. Hacken’s white hats will check whether the organization has any exploitable vulnerabilities in networks, systems, hosts and network devices.

Engaging vulnerability assessment companies is a step ahead of black hat hackers. We will reveal possible opportunities for hackers to compromise systems before they are able to exploit them.

Crypto Exchange Penetration Testing

Nowadays, with a growing number of crypto exchange hacks, no platform should be established without a prior pentest.

With the amount of money in the cryptocurrency industry, it’s no surprise that crypto exchanges run the risk of being hacked. Apparently, the problem can be resolved by identifying vulnerabilities in the application’s logic; however, there hasn’t been a specific methodology that details what factors one must be paying attention to during testing. Having already tested a number of exchanges, Hacken created a strategic workflow.

Solution

First of all, it’s paramount to make sure that systems remain uncompromised no matter what. Since all exchanges are browser-based, an exchange may want to simulate a hacking attempt, i.e. a Black Box test, but for a more comprehensive result, many choose to conduct a Gray Box test.

To test the logic at work, we’ll need to conduct at least 5 transactions of buy-sale and/or input-output. Moreover, the testing includes a check of KYC verification procedures and the authentication process, API testing, and testing of WebSockets.

Key directions of the assessment


Authentication

We assess the application's authentication controls: the mechanism by which it processes the identity of individuals or entities.

Session Management

We assess the application's session management controls: the mechanism by which it traces the activities performed by authenticated application users.

Input Manipulation

We assess the application's input controls: how the application processes inputs received from different interfaces and/or entry points.

Output Manipulation

We assess the possibility of gaining information from temporary Internet files, cookies, and other application objects.

Information Leakage

We determine the type of information that is transferred back to the user or stored in the client's machine.

How does it work?


1) Information Gathering
A search for any data about the system, mobile app, or infrastructure through open sources.


2) Threat Modeling
Based on the collected data, a plan on how to sneak into the system is created.


3) Vulnerability Analysis
Automatic (with the help of scanners) and manual assessment of the system.


4) Exploitation
Using the identified data, specialists try to perform various manipulations to check how criminals can misuse the vulnerabilities.

5) Post Exploitation
Researching what other actions can be performed with the identified vulnerabilities.


6) Reporting
Writing a detailed report on the performed actions with recommendations on how to eliminate vulnerabilities.

F.A.Q.

Penetration testing is the process of identifying and exploiting vulnerabilities. Often a white hat conducts testing without causing damage to the tested resource. There is always a small chance that testing may negatively affect the tested system (DoS, data corruption or removal). That is why it is recommended to perform any actions after working hours.

There are three types of penetration testing based on provided data and information from a customer: White, Gray, and Black Box.


With the black box model, pentesters have limited knowledge of the network and no information on the customer’s security policies, network structure, operating systems, and network protection in place. With limited details available, an ethical hacker has to penetrate the network as profoundly as possible to detect the hidden vulnerabilities.


The white box model assumes that a white hat has admin rights and access to configuration files or even the source code of the application or services. Pentesters have access to server configurations, communication logs, and database encryption principles.


Gray box penetration testing combines the two approaches described above. A white hat receives certain details about the network, such as user login details or an overview of the network. Notably, when testing a web app, a pentester tries to discover potential entry points.

Software security testing services use different tools to find vulnerabilities. The most popular vulnerability scanners for websites are Acunetix, Burp Suite, and OWASP ZAP. For manual pentesting of websites and certain pentesting operations with mobile applications, white hats use automatic tools such as Burp Suite, which allows intercepting scanning requests and editing them. For local networks, the most popular scanners are Nmap and its GUI variant Zenmap, Tenable Nessus, Rapid7 Nexpose, and Retina. To verify the vulnerabilities, you can use Metasploit, Empire, and other tools. For testing Android applications, frameworks like API are used.

The cost of pentesting is specific to each client. Several parameters influence the price: the number of resources to be audited, the timeframe, and the complexity of the work.

The timeframe is specific to each client. It depends on the complexity and the breadth of the work. It takes approximately between 2 and 4 weeks for common systems to be tested.

  1. Testing of authorization and authentication.

     We check the possibility of circumventing two-factor authorization, session management, captcha, and other means of protection.

  2. Testing the input and output of coins on the exchange.

     We consider the possibility of input/output of coins from/to user wallets.

  3. Testing the trading and buying coins function.

     We test the possibility of substituting data when placing and buying orders.

  4. Testing the settings of a private account.

     We test the security of an account on the crypto exchange. For example, we try to modify account settings, limits, and keys.

  5. Almost every exchange has an API that tracks the use of exchange data in other applications. To prevent potential data leakage, we test the API.
  6. Finally, we provide all possible vulnerability tests according to the OWASP testing guide.

Of course. The report is assembled according to our corporate standards. It describes threats and their verification, and gives recommendations on fixing bugs and vulnerabilities.

In the report, we give brief recommendations regarding possible responses to a bug or a vulnerability. If you need advanced recommendations or clarifications regarding the severity of a vulnerability, you can email us.

On a constant basis. We have a lot of clients and different types of tasks – this allows our team to continually develop and improve penetration testing expertise and offer updated services.

Our bug bounty program HackenProof is an alternative to pentesting in the long term. It is important to understand the difference between a pentest and the bug bounty program. One team performs penetration testing, and it aims to explore the state of security of a system or an application at a particular time. When it comes to HackenProof, we perform a continuous in-depth check of system vulnerabilities. However, researchers are limited to bounties for which they are paid.

Yes, we test hardware wallets. Every wallet requires a distinct verification procedure.

At Hacken, internal pentesting serves to test local networks and services. External pentesting involves testing resources of clients. Automated and specialized tools (vulnerability scanners, special frameworks, etc.) are used for both external and internal pentesting.