Security Testing
Applications need to be secure and protect their users’ data. In the short term, security testing can reactively help you fix existing vulnerabilities in your application(s). In the long term, increased security awareness can proactively streamline the process of fortifying your application(s) and new features by integrating security testing.
How we help you by testing
Different forms of security testing
1. Penetration test
Perform a penetration test against your company network or application infrastructure. The test can be followed by your security team for detection, monitoring and mitigation.
- Web application (frontend) based on the OWASP Top 10 of most common vulnerabilities
- API security (backend) based on the OWASP API Security Top 10
2. Device security
XFA software ensures that only secure devices are used for work. It performs essential checks on each device upon login, such as up-to-date operating systems and browsers, disk encryption, password configuration, etc. This enables you to mitigate 90% of the risk.
3
4. Trainings and bootcamps
Provide training to your employees on a variety of topics regarding security. Trainings can be online or on-site. See The Bright Academy for more information.
In cybersecurity, it's often human errors that pose the biggest risks. Stay sharp and stay safe!
Frequently asked questions
What's the process?
- Scope determination
  Which applications, APIs and infrastructure must be included in the tests?
- Kick-off & preparation
  Set up a test environment with the technical team and schedule a follow-up meeting with all relevant stakeholders.
- Test execution
  We test your application/infrastructure or set up a phishing simulation. In addition, an automation setup is possible, if applicable for the type of test.
- Reporting & knowledge sharing
  The team leader coordinates and bundles the reporting.
- Follow-up & training
  If requested, we can provide follow-up and, if useful, organize training for your in-house QA’ers.
Do you work with partners?
Which tooling do you use?
We are vendor-agnostic and always search for the perfect fit with the client/project. In the past we have worked with Postman, PortSwigger and Kali.
What is the lead time of a project?
This varies. For a pentest we aim for 10 working days.
How often should you conduct penetration tests?
This varies and depends on factors such as regulatory requirements, the complexity of the systems, and the organization’s risk profile. As a general rule, we recommend at least annually or after significant changes to the system/implementation of a new system/website/application/…