About

Are you thinking ahead about web application security? Got a new development that’s going live? Is penetration testing a compliance requirement for you? Or is penetration testing a result of a recent incident?

Aside from penetration testing, we provide professional services to assist with remediation and recommendations resulting from a penetration test. Incident response, forensic media copy, password audit, architecture reviews & risk assessment, secure code reviews, and application firewalls (WAF).

Hackers can see what ever services you have listening on your external facing IP addresses. Our external penetration testing will thoroughly test the services listening on your external facing infrastructure, firewalls, IPS, and VPNs. We’ll identify vulnerabilities so that you can secure them before hackers get in.

Black–box security testing refers to a method of software security testing in which the security controls, defenses and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings. Under Black Box Testing, you can test these applications by just focusing on the inputs and outputs without knowing their internal code implementation.

Why do we use black box testing?

Black box testing is used to test the system against external factors responsible for software failures. This testing approach focuses on the input that goes into the software, and the output that is produced.

Acunetix AcuSensor (IAST) technology allows you to find and test hidden inputs not discovered during black-box scanning (DAST) with the Highest detection rating of over 6500 vulnerabilities in custom, commercial, and open source apps with nearly 0% false positives.

How does your internal infrastructure stand up against attacks from rogue employees, contractors, guests, and malicious software? Our internal penetration testing service will show you exactly how. We’ll attempt to obtain domain admin, access critical data, and show you exactly how we did it, and how to fix it.

IAST: Thinking Inside the Box

DAST scanners first crawl a web application before scanning it. This lets the scanner find all exposed inputs on pages within the web application, which are then subsequently tested for a range of vulnerabilities. SAST scanners have an advantage when it comes to code coverage because the scanner has access to the application code. This means that it knows about all the application inputs, including hidden ones that are not exposed.

To address this issue, a grey-box methodology has been developed. Interactive Application Security Testing (IAST) combines the benefits of black-box and white-box methodologies. Acunetix is one of the first DAST solutions to use this methodology.