A high-quality penetration test performed on your online environment
So you can learn about your online vulnerabilities and fix them before the bad guys find them
SecDesk delivers high-quality penetration test services
Are you in need of a high-quality penetration test? SecDesk holds the quality mark “CCV certified Penetration Tests”, and as such all penetration tests are conducted by security professionals with OSCP certification or higher. This gives you peace of mind that we know what we are doing and deliver a high-quality product, every time.
OSCP or better
To comply with the CCV Pentesting quality mark all our pentests are conducted by certified professionals. We guarantee for all our testers:
- At least OSCP (or comparable) certified
- Up-to-date statement of conduct
- Trained yearly to stay up-to-date
- Encouraged to be part of the hacker community
Read more about the OffSec pentest trainings here.
Quality assured
SecDesk acquired the CCV Cyber Pentest quality mark at the beginning of 2024. This quality mark gives you as a customer the following assurances:
- No cowboys, we know what we are doing!
- We treat your data with great care
- Manual and automated testing performed
- All tests performed by qualified pentesters
- Clearly defined processes for our tests
Interested to know more about this quality mark? Find more here. (In Dutch)
How does pentesting work?
Scoping / planning
We start by agreeing parameters. What environments will be tested, what techniques can we use, and what types of external and internal attackers are you concerned about? We carry out due diligence by confirming that each target belongs to you, set the timeframe for the pentest, and identify key contacts in case something unexpected happens.
Scanning / exploitation
To gain a better understanding of your environment, we scan all targets using a multitude of pentest tools. This will identify services and applications that require further testing. We manually confirm all vulnerabilities to minimise false positives. After this our experts get to work. They think laterally, and are not limited by computer algorithms as scanners are. And they attack every aspect of your environment, collecting evidence of vulnerabilities so you can reproduce and fix them.
Reporting
We report our findings, suggest fixes, and produce a management summary for you and your clients. Optionally we can present our findings to you and your team. Our goal is to give you the tools to get to work with fixing the found vulnerabilities.
Need more help?
Need more help fixing the vulnerabilities we found? Have a look at our in-house security specialists service. Our specialists can strengthen your team temporarily or long-term. Interested in our services? Click below to book a meeting with our team to discuss the options! A high-quality penetration test can only help your organisation become more secure if you do the work afterwards.
Types of penetration test
Each web application is unique, and can range from a simple one-pager to a complex system integrated with many others, such as third-party application programming interfaces and databases.
We normally follow the OWASP Application Security Verification Standard (ASVS 4.0) for website security testing. We also use the OWASP Top 10, an industry consensus list of the most crucial issues.
Web applications tend to be public facing, so they’re easier for hackers to target.
An external network penetration test assesses the security of your organization’s “outer shell”. We can target any of your internet-facing assets.
This type of test is often used by companies with internet-facing servers, whether ‘bare metal’ or virtual devices.
As a pentest is a snapshot of your environment at the moment of testing, we also offer automated vulnerability scanning. This service can scan your infrastructure on a daily basis, making it easier to manage and assess vulnerabilities in your environment. Although these scans go less in-depth than a full penetration test, they do offer valuable insights.
Don’t know what type of pentest you need, or interested in our vulnerability scanning services?
Mobile applications are also targeted by hackers, as they tend to collect large amounts of user data. It’s important to discover and patch security issues before they’re exploited by third parties.
We test iOS and Android applications, and follow the OWASP Mobile Security Testing Guide.
If you’re concerned about hackers accessing your internal networks, either remotely or onsite, you should consider an internal network penetration test.
Our testers start with a minor foothold, such as limited access to a company device or network. They see how far they can move through your network and collect as much information and privileged access as possible. Depending on the size and complexity of your network, these tests tend to take longer than other forms of penetration testing.
For testing APIs we have specialist tools available. These tools can be used during our pentest and can also be integrated into your CI/CD pipelines. This makes them extremely powerful: they lessen the burden on your security team and lower the delay for your team to release secure APIs.
Contact us for more information about our AI-driven API testing kit.
Online threats are omnipresent
The internet is often described as the new wild west with attacks carried out multiple times a second. Our pentesting service gives you insight into the possible holes in your security, making it harder for attackers to gain entry when the real thing happens.
- The question is not if, but when will I get hacked
- With ever more internet-facing services at every company, the number of possible entry points for malicious attackers increases drastically
- Most organisations don’t have complete insight into their IT-infrastructure
“Being a pentester requires you to think outside the box, and look at your target with a malicious mindset.” Youri van der Zwart, co-founder
Frequently asked questions
Penetration tests can be daunting at first, but with the right partner you will gain valuable insights and leave with a more secure business.
Reasons for ordering a pentest can vary wildly, but can loosely be summarised into the following categories:
- Upgrades to infrastructure have been made and security needs to be validated
- Regulations for your industry require pentesting
- Clients want info on the security of your product
- New software functions / versions have been released
- Infrastructure expansion
As a rule of thumb we encourage every company to do at least a yearly pentest on their infrastructure / applications. Because we understand this is not an option for every organisation, we have other solutions available to lighten the financial burden for startups / SMEs.
SecDesk was created to offer affordable security services to every company, so let’s think together about how we can help you! Contact us now for more information.
First and foremost: You will be the only one to hear about it!
We create a report which will cover all the found vulnerabilities in detail. Every vulnerability will mention the following (where applicable):
- Title – Comprehensive name for the found vulnerability
- Risk level – What risk level does this pose for your organisation?
- Description – Info on the vulnerability, where is it found, how is it exploitable?
- Screenshot – Proof of concept for the exploit
- Impact – What can a malicious attacker do if he exploits this vulnerability?
- Likelihood – How difficult / what level of knowledge is needed to exploit
- Recommendation – Tips for your security team for remediation
Unfortunately every environment / app is different, so we can’t give you any prices up front.
If you are interested in knowing more about our pricing, please contact us so we can have a look at your environment and situation and create a fitting quote.
Interested? Plan a meeting with our team now!
Let’s talk about your needs and any security questions you might have in your organisation, and we will help you assess whether our high-quality penetration tests can meet your needs!