Understanding Pentests

Penetration testing is a way to identify gaps in your cyber security that a hacker or rogue employee could exploit to gather and compromise sensitive data. There are different types of penetration tests to evaluate specific areas of your environment – like whether your customers’ PII is encrypted, or the data in your cloud is secure.

Pentesting should be done on a regular basis to minimize cyber security risks and meet compliance regulations. It's often done annually but many companies also benefit from quarterly tests to avoid gaps in new code releases.
‍

Top 5 Types of Pentesting

Web Application Penetration Testing
Mobile Application Penetration Testing
Network Penetration Testing
Cloud / AWS Penetration Testing
Firewall Penetration Testing

Learn more about the types of Penetration Tests

Understanding your goals is the first step to establishing the scope, frequency, and type of test that is best suited to meet your needs.

Request a Quote

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

Black Box + White Box = Better Results

Pentesting has traditionally been either Black or White. We take a Grey Box approach that combines Black Box and White Box tactics to give you the most comprehensive pentesting. This method goes beyond scripts and automation to deliver better results that help minimize your risk.
‍

A Black Box test is the most basic and is typically done via automated scans. In this scenario, the pentester will try to enter your network without any credentials.
A White Box test is a more advanced approach in which the pentester is given credentials to access your environment and see what they can do once inside.
Grey box testing involves both automated scans to test the strength of your credentials and manual testing by an expert.

Our Approach

We take a customer-focused and communicative approach to every penetration test. We keep you informed of what we’ll be testing and what you can expect next.

The Process

Introduction & Scoping call - understanding the goals and purpose of the test
Statement of Work (SOW) - this outlines the timeframe of the engagement and what specifically we'll be testing
Penetration Test - our pentesters complete their evaluation and generate the reports
Deliverables - this typically includes 2 reports and a debrief call, with follow-up remediation testing as needed
Summary report - to be shared with auditors and clients
Assessment report - if any issues are found, this is a more detailed report to be shared internally
Debrief Call - reviewing the results with your engineering team
Remediation Testing – If any issues are identified we’ll conduct remediation testing once your team has had an opportunity to fix the findings in our Assessment report

Download a Sample Summary Report

Thank you!

Download

Oops! Something went wrong while submitting the form

Download a Sample Assessment Report

Thank you!

Download

Oops! Something went wrong while submitting the form

Certifications

With backgrounds in technology, banking, and healthcare, our team of experts are top-tier penetration testers with decades of combined technical experience. The certifications they have earned reflect their breadth and depth of knowledge.

Our pentesters have earned the following certifications:

CISSP – Certified Information Systems Security Professional
OSCP – Offensive Security Certified Professional
OSCE – Offensive Security Certified Expert
CEH – Certified Ethical Hacker
GPEN – GIAC Penetration Tester
GWAPT – GIAC Web Application Penetration Tester
GAWN – GIAC Assessing and Auditing Wireless Networks

Alacrinet's team of expert pentesters have the technical certifications and skills to match your needs. We match their specific expertise and certifications to the needs of your project to ensure the highest quality results.

Compliance

Compliance regulations are becoming more and more important - and required - across a number of industries. Whether your company processes credit card information, maintains health records, or engages with the DoD, our team is certified to handle all requests and we'll walk you through the steps involved and provide clear deliverables to share with the auditors.