At BOSSIT, we adhere to the PTES methodology, which encompasses a structured approach to penetration testing. This standard is divided into sections that define what should be included in a qualitative penetration test.
PTES defines penetration testing in seven phases: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.
Following the PTES methodology, we conduct a range of tests including, but not limited to, network scans, port scans, vulnerability scans, DNS reconnaissance, SNMP reconnaissance, traffic sniffing, Man-in-the-Middle (MiTM) attacks, and checks for system-specific weaknesses.
Our comprehensive approach to application penetration testing covers the vulnerability classes in the Open Web Application Security Project (OWASP) Top 10, including but not limited to: injection, authentication failures, broken access control, security misconfiguration, cross-site scripting (XSS), and the use of components with known vulnerabilities.
Within our Pentest As A Service, we follow established frameworks such as PTES (Penetration Testing Execution Standard), ISSAF (Information Systems Security Assessment Framework), OWASP (Open Worldwide Application Security Project), and OSSTMM (Open Source Security Testing Methodology Manual).
Our approach consists of approximately 80% manual testing and about 20% automated testing. Automated tools make testing more efficient, but mainly during the initial phases of a penetration test. At BOSSIT, we believe that an effective and comprehensive penetration test can only be achieved through rigorous manual testing techniques.
We view the reporting phase as the beginning of our relationship. At BOSSIT, everyone strives to provide the best possible customer experience and service to our clients. As a result, the report is only one part of our deliverables: we also offer clients a knowledge base for problem-solving and dedicated staff to assist them.
Our goal is to help our clients enhance their ability to remediate vulnerabilities, not just identify them. Consequently, remediation re-testing is provided at no extra cost for up to six findings within six months after project completion. If a significant number of findings need to be re-examined, or if additional remediation retests are required, please contact us to find a solution that meets your specific needs.
Our reports detail everything our ethical hackers found, how we found it, and the best approach to remediating each finding. Because our aim is to ensure that your systems or infrastructure are correctly remediated once the issues are identified, BOSSIT offers remediation testing at no extra cost. When you and/or your team are ready for us to retest, just give us a call. Whether it is in two weeks or two months, we remain prepared to retest your fixes and schedule the retest when you are ready.
If you have questions that arise during your remediation, whether related to your testing or not, please call or email us, and we will ensure you get the answers you need.