Cybersecurity offers

Penetration testing : Objectives

In a cyber security context, unlike an audit, whose objective is to validate compliance with a policy or standard, the penetration test measures the risk associated with an information system.

Realistic conditions

During a penetration test, the steps and techniques of a real malicious actor are reproduced in order to detect potential vulnerabilities

Risk assessment

With our approach, penetration testing can identify vulnerabilities that could be exploited, as well as likely scenarios.

Final Report

This report provides the details required to reproduce the risk situations. It also contains recommendations for the implementation of an action plan.

Our cybersecurity offers

Technical security

Organisational security

Infrastructure security test

Can be internal or external. Simulates an attack on an IT infrastructure.

Risk analysis

Risk analysis using the EBIOS method.

Web application security test

This test analyses the vulnerabilities of web applications.

Information system security policy

Assistance in drafting or updating an information system security policy.

Wi-Fi security test

Simulates an attack on a wireless network.

Business continuity plan

Assistance in developing a BCP or DRP.

Robustness and complexity testing of passwords

We try to crack the hashes of your important passwords.

Contact us for further details

CONTACT US

Vocabulary

Initial knowledge

There are three approaches to initial knowledge:


The black box penetration test: These are the conditions closest to an external attack by an unknown person. No information is provided.
Grey box penetration test: Limited information is provided before the test begins, such as information about the operation of the target or user accounts.
White box penetration test: Sometimes referred to as the crystal box, here as much information as possible is provided before the test begins. Thus the functioning of the target is made visible, hence the term white box.

Attacker position

The attacker can either be internal or external. External penetration testing is the most common service, where the consultant operates via an internet connection to simulate anonymous malicious user attacks. Internal penetration testing is the opposite configuration. An attack is simulated from one of the company’s internal networks to measure the risk of internal compromise.

Conducting an intrusion test

Setting up
Discovering the scope
Information gathering
Search for vulnerabilities
Construction of attack scenarios and compromise of the IS
Initial compromise, retention of access and elevation of privileges
Report writing and delivery

A local and international company

Data Privacy Professionals provides its services across France and especially in Île-de-France (Parisian region) and the Grand-Est region:
• in Alsace (Bas-Rhin / Haut-Rhin) : Strasbourg, Mulhouse, Colmar.
• in Lorraine (Moselle, Meurthe et Moselle, Meuse, Vosges) : Nancy, Metz, Thionville, Épinal, Saint-Dié, Bar-le-Duc, Forbach, Sarreguemines.
• in Champagne-Ardenne : Reims, Troyes, Charleville-Mézières.


We also intervene abroad (in French, English and German)

CONTACT US