Pentesting and Ethical Hacking
Let HackDefense’s experienced Ethical Hackers test your application, network or web site. HackDefense delivers a report that is understandable for management, and that includes technical appendices recommending concrete, detailed steps to solve the issues we’ve identified.
A talented hacker’s creativity can’t be automated. Of course we use the latest scanning software and we own licences for the professional editions. But our experienced and certified ethical hackers and penetration testers again and again find vulnerabilities that were not ‘seen’ by automated vulnerability management or scanning solutions.
So if it really needs to be secure — you’ll need our ethical hackers.
TIBER: Threat Intelligence Based Ethical Red Teaming
Red Teaming means that we hack our way into your network, aiming to work with your Blue Team to learn and adapt to the latest hacking techniques. The framework for doing this, developed by the Dutch financial sector, is called TIBER, and it works so well that the European Central Bank has adopted it, too (TIBER-EU).
We’d love to work with you to see what hackers could do to obtain unauthorised access to your systems, networks, and data. And to work with you to improve prevention and detection measures to thwart us next time!
Firewalls are not what they used to be. Modern IT Security requires working on the assumption that someone may have penetrated your network’s perimeter, for example because a user clicked on a link in a phishing e‑mail.
HackDefense tests what a hacker can then do: is he (or she) able to quickly become Domain Administrator and make off with all your confidential information? Or is internal security robust? HackDefense highlights what issues hackers could abuse, and so where improvements are possible.
Web application pentest
Our well-educated, certified pentesters are very experienced in finding security flaws in web applications. Of course we use the OWASP Top 10 as a guide, but we thoroughly search for ways to compromise your application, such as SQL injection, Cross-Site Scripting and Cross-Site Request Forgery, whether they are in the Top 10 or not.
We make sure we know the latest hacking techniques and can tell you exactly whether or not your application is vulnerable. So that you won’t find yourself in the news with a data breach.
Mobile application pentest
Mobile apps require a very different pentesting method. The security risks are not all the same as for other kinds of applications (see, for example, the OWASP Mobile Top 10) and so a pentest requires a different approach. HackDefense tests your application for resistance to attacks on its network connection, but also whether other apps on the same device can read or write your app’s data, for example. We prefer including source code in our review, but installing your app on one of our test devices is an option too. Contact us to discuss possibilities!
Applications that use DigID (Dutch government) authentication have to undergo an annual audit. Part of this audit is a penetration test. Our thorough tests provide a lot of insight into the application’s security. We also link our results to the Dutch government’s security standards for web applications and DigID audit standards so that our report fits perfectly into the wider audit report.
Our testing team consists only of ethical hackers with a completed Computer Science degree, so we don’t shy away from some source code. On the contrary! Aided by static analysis of the code, preferably alongside a running instance of the test object, we provide you with insights into potential security holes in the software you are building and/or using.
Phishing Tests / E‑Mail Penetration Tests
HackDefense founded the Phishingtest.com service (a joint venture with our colleagues at Audittrail) and provides the technical know-how when testing organisations’ vulnerability to (spear)phishing and ransomware. Using Phishingtest.com, you can make your employees aware of the threat posed by phishing and spearphishing, by e‑mail and using text messages. Also, we provide you with insight into your e‑mail infrastructure’s robustness against these kinds of attacks.