Each web application is unique, and can range from a simple one-pager to a complex system integrated with many others, such as third-party application programming interfaces and databases.

We normally follow the OWASP application security verification standard (ASVS4.0) for website security testing. We also use the OWASP Top 10, an industry consensus list of the most crucial issues.

Web applications tend to be public facing, so they’re easier for hackers to target.

An external network penetration test assesses the security of your organization’s “outer shell”. We can target any of your internet-facing assets.

This type of test is often used for companies having internet facing servers, wether being ‘bare metal’ or virtual types of devices.

As a pentest is a snapshot of your environment at moment of testing we also offer automated vulnerability scanning. This service can scan your infrastructure on a daily basis, making it easier to manage and assess vulnerabilities in your environment. Although these scans go less in-depth then a full penetration test, they do offer valuable insights.

Don’t know what type of pentest you need and/or got interested in our vulnerability scanning services?

Plan a meeting to discuss the options!

Mobile applications are also targeted by hackers, as they tend to collect large amounts of user data. It’s important to discover and patch security issues before they’re exploited by third parties.

We test iOS and Android applications, and follow the OWASP Mobile Security Testing Guide.

If you’re concerned about hackers accessing your internal networks, either remotely or onsite, you should consider an internal network penetration test.

Our testers start with a minor foothold, such as limited access to a company device or network. They see how far they can move through your network and collect as much information and privileged access as possible. Depending on the size and complexity of your network, these tests tend to take longer than other forms of penetration.

For testing API’s we have specialist tools available, these tools can be used during our pentest but also integrate into your CICD pipelines. This makes these tools extremely powerful to lessen the burden on your security team and lowers the delay for your team to release secure APIs.

Contact us for more information about our AI-driven API testing kit.

Penetration tests can be daunting at first, but with the right partner you will gain valuable insights and leave with a more secure business.

Reasons for ordering a pentest can vary wildly, but can loosely be summarised into the following categoreis:

• Upgrades to infrastructure has been made and security needs to be validated
• Regulations for your industry require pentesting
• Clients want info on the security of your product
• New software functions / versions have been released
• Infrastructure expansion

As a rule of thumb we always encourage every company to do at least a yearly pentest on their infrastructure / applications. Because we understand this is not an option for every organisation we have other solutions available to lighten the financial burden for startups / SME’s.

SecDesk was created to offer affordable security services to every company, let’s think together how we can help you! Contact us now for more informations

First and foremost: You will be the only one to hear about it! 

We create a report which will cover all the found vulnerabilities in detail. Every vulnerability will mention the following (where applicable):

• Title – Comprehensive name for the found vulnerability
• Risk level – What risk level does this pose for your organisation?
• Description – Info on the vulnerability, where is it found, how is it exploitable?
• Screenshot – Proof of concept for the exploit
• Impact – What can a malicious attacker do if he exploits this vulnerability?
• Likelyhood – How difficult / what level of knowledge is needed to exploit
• Recommendation – Tips for your security team for remediation

Unfortunately every environment / app is different and thusly we can’t give you any prices.

If you are interested in knowing more about our pricing, please contact us so we can have a look at your environment and situation so we can create a fitting quote.