Penetration testing : Objectives
In a cyber security context, unlike an audit, whose objective is to validate compliance with a policy or standard, the penetration test measures the risk associated with an information system.
Realistic conditions
During a penetration test, the steps and techniques of a real malicious actor are reproduced in order to detect potential vulnerabilities
Risk assessment
With our approach, penetration testing can identify vulnerabilities that could be exploited, as well as likely scenarios.
Final Report
This report provides the details required to reproduce the risk situations. It also contains recommendations for the implementation of an action plan.
Our cybersecurity offers
Technical security
Organisational security
Infrastructure security test
Can be internal or external. Simulates an attack on an IT infrastructure.
Risk analysis
Risk analysis using the EBIOS method.
Web application security test
This test analyses the vulnerabilities of web applications.
Information system security policy
Assistance in drafting or updating an information system security policy.
Wi-Fi security test
Simulates an attack on a wireless network.
Business continuity plan
Assistance in developing a BCP or DRP.
Robustness and complexity testing of passwords
We try to crack the hashes of your important passwords.
Contact us for further details
CONTACT USVocabulary
Initial knowledge
There are three approaches to initial knowledge:
The black box penetration test: These are the conditions closest to an external attack by an unknown person. No information is provided.
Grey box penetration test: Limited information is provided before the test begins, such as information about the operation of the target or user accounts.
White box penetration test: Sometimes referred to as the crystal box, here as much information as possible is provided before the test begins. Thus the functioning of the target is made visible, hence the term white box.
Attacker position
The attacker can either be internal or external. External penetration testing is the most common service, where the consultant operates via an internet connection to simulate anonymous malicious user attacks. Internal penetration testing is the opposite configuration. An attack is simulated from one of the company’s internal networks to measure the risk of internal compromise.
Conducting an intrusion test
Setting up
Discovering the scope
Information gathering
Search for vulnerabilities
Construction of attack scenarios and compromise of the IS
Initial compromise, retention of access and elevation of privileges
Report writing and delivery


A local and international company
Data Privacy Professionals provides its services across France and especially in Île-de-France (Parisian region) and the Grand-Est region:
• in Alsace (Bas-Rhin / Haut-Rhin) : Strasbourg, Mulhouse, Colmar.
• in Lorraine (Moselle, Meurthe et Moselle, Meuse, Vosges) : Nancy, Metz, Thionville, Épinal, Saint-Dié, Bar-le-Duc, Forbach, Sarreguemines.
• in Champagne-Ardenne : Reims, Troyes, Charleville-Mézières.
We also intervene abroad (in French, English and German)