Actionable results for specific goals

Web App pentests attempt to exploit your environment and associated systems to highlight any underlying vulnerabilities. Web application assessments at Alacrinet employ the Penetration Testing Execution Standard (PTES) penetration testing methodology for a defined, repeatable, and high-quality assessment as a baseline for our testing. This process utilizes both commercial and proprietary tools to analyze and test the security of web applications.

Leveraging our in-house threat models, Alacrinet expands its testing scope, beyond traditional penetration testing methods, to expose as many potential attack vectors as possible.

With the increased sophistication and usage of mobile applications, organizations are now facing yet another attack vector in their digital infrastructure. With industry-leading experts in mobile app security, Alacrinet provides in-depth security analysis and testing for applications on iOS and Android. This rigorous security audit aims to attack the application and its server (if applicable) in multiple ways, highlighting any vulnerabilities within its code.

External network penetration testing is necessary to identify vulnerabilities identified on external-facing networks, systems and services. The benefits of external network penetration testing include identifying software patches that must be installed, uncovering misconfigured software, firewalls or operating systems, identifying needed encryption or secure protocols, and finding vulnerable network attack vectors.
‍
Internal network penetration testing is necessary to identify threats ranging from potential malicious insiders exfiltrating data and compromising access credentials to corporate network vulnerabilities such as unpatched systems and misconfigurations to ensure all potential attack vectors are identified.

Alacrinet’s network penetration testing employ the Penetration Testing Execution Standard (PTES) for a defined, repeatable, and high-quality assessment. Beginning with automated scanning and enumeration tools, a list of potential vulnerabilities is then accompanied by manual analysis, testing, and verification. Using a range of techniques and a vast internal knowledge base, Alacrinet’s security assessors then attempt to safely exploit these identified flaws, highlighting and demonstrating the associated level of risk.

Alacrinet applies a proprietary methodology to assess the security of an AWS environment by replicating real-world scenarios where AWS credentials or API keys have been compromised and the environment is breached. Playing the role of a malicious actor, the goal is to identify points of weakness in the AWS configurations, escalating privileges, remotely accessing EC2 instances, accessing database, S3 data, establishing persistent access, and staying under the radar. Alacrinet’s proprietary AWS penetration testing methods demonstrate the security risks of this additional technology layer, and how a sophisticated cloud attacker could exploit them. During this verification and exploitation phase, there are several vulnerability types we can identify.
‍

Firewall configuration assessments and testing takes a deeper dive into today's modern firewalls. The sophistication and construction of modern-day firewalls is such that security professionals must think beyond the capabilities of an automated scanner. Taking the perspective of a malicious actor and someone who understands the complexity of the modern-day firewall, we have created proprietary methodologies for testing the overall configuration and strength of your firewalls.

Our goal is to investigate the firewall itself instead of solely focusing on devices that are published through the firewall.  During testing, not only do we attempt to penetrate the firewall, but we try to bypass it as well.  This method allows us to discover vulnerabilities and exploit poorly implemented security policies. Our firewall configuration testing methodology helps us guide your organization through the proper implementation of security controls.

Alacrinet’s security assessors will attempt to leverage discovered vulnerabilities and test for key security flaws.
‍