
Penetration testing

Penetration tests simulate real-world cyber-attacks on information systems or networks to detect and identify security vulnerabilities. The tests are conducted by specialised experts who systematically examine an organisation’s software applications, hardware and infrastructure.

Penetration testing allows us to determine not only the security of your systems, but also the resilience of those who protect them.

The result of the penetration test is a report that summarises the positive aspects of your current security and suggests specific solutions to address the weaknesses identified.

Penetration testing offer

External ICT test – basic

The objective of this test is to verify the security and functionality of the elements of systems which are publicly available. This basic test option gives you a basic overview of the security of your system and web applications. The tester uses a set of tools and then manually verifies the results.
Services in the test

These are non-cooperative external penetration tests that include:

  • Automated tests of the web application from the perspective of a normal user of the application.
  • Automatic API tests.
  • Tests to extract information, identify functional systems.
  • General vulnerability tests.
  • Tests related to system infrastructure characteristics.
  • Tests on publicly available servers.
  • Configuration reliability tests.
  • Tests for the existence of backdoors.
  • Tests of authentication and access control schemes.
  • Tests of firewalls.
  • Router tests.
  • Operating system checks.
  • Tests for application errors and system defects.
  • Operational security weakness tests.
Test output

The output is a written report containing:

  • Information on the security status of each of the areas and security policies examined.
  • Detailed procedure of the penetration tests performed, including tools used, techniques, responses of the client’s staff and the result of the testing.
  • A proposal of the measures recommended to remedy the problems found.

External ICT test – extended

The aim is to verify the security and functionality of the elements of publicly available systems. In the more advanced version, the tester also carries out extended manual tests that are based on the evaluation of the potentially vulnerable areas. These tests can also detect vulnerabilities and errors that are not detected by conventional tools. The tester also escalates an attack as a real attacker would, by attempting to exploit the potential vulnerabilities found.
Services in the test

These are non-cooperative external penetration tests that include:

  • Automated and then manually verified tests of the web application from the perspective of an unauthenticated and possibly authenticated user.
  • Manual testing of the web application focused primarily on the functioning of the application, including possible privilege escalation or the possibility of unauthorized access to other users’ content.
  • Automated API tests and manual API tests.
  • Tests to obtain information, identify functional systems.
  • General vulnerability tests.
  • Tests of publicly available servers.
  • Tests relating to the characteristics of the system infrastructure.
  • Configuration reliability tests.
  • Tests of authentication and access control schemes.
  • Tests of firewalls.
  • Operating system checks.
  • Tests for application errors and system defects.
  • Operational security weakness tests.
Test output

The output is a written report containing:

  • Information on the security status of each of the areas and security policies examined.
  • Detailed procedure of the penetration tests performed, including tools used, techniques, responses of the client’s staff and the result of the testing.
  • A proposal of the measures recommended to remedy the problems found.

Internal ICT test

The aim of internal penetration tests is to verify the security of the system within its operational environment and the operation of the internal network, where a lower level of security can be assumed. A controlled attack on the customer’s network will be carried out, i.e. the behaviour of a potential attacker attempting to penetrate the internal network will be simulated. A controlled attack from the LAN will be performed.
Services in the test

These are cooperative internal penetration tests that include:

  • Tests to obtain information, identify functional systems.
  • General vulnerability tests.
  • Tests related to system infrastructure characteristics.
  • Tests on configuration reliability.
  • Tests for the existence of backdoors.
  • Tests of authentication and access control schemes.
  • Operating system checks.
  • Tests for application errors and defects in the system.
  • Tests for lack of operational security.
  • Weakness tests involving points of failure, with the aim of causing denial of service of web applications.
  • Interception of communications with the system.
  • Interception and redirection of these communications.
  • Misuse of intercepted information and communication towards application services (servers).
  • Attacks on system users through the system.
  • Testing of wi-fi access points.
Test output

The output is a written report containing:

  • Information on the security status of each of the areas and security policies examined.
  • Detailed procedure of the penetration tests performed, including tools used, techniques, responses of the client’s staff and the result of the testing.
  • A proposal of the measures recommended to remedy the problems found.

Phishing test

The aim of this service is to check the level of security awareness of employees in the form of a phishing test, in particular whether employees can detect various forms of phishing emails and respond adequately to them. The phishing test will also examine compliance with processes and security policies within your company.
Services in the test

This service will include:

  • Sending fraudulent emails to users.
  • Measurement of active response to a spoofed email – “click through” to a link in the email.
  • Recording the response of users who reported a suspicious spoofed email.
  • Endpoints are not infected during the test.
Test output

As part of the output from the phishing tests, you will receive a summary:

  • How many users opened the email.
  • How many users clicked on the link.
  • How many users entered the password.
  • Alternatively, how many users would allow access to TeamViewer.

Vishing test

The aim of this service is to check the level of security awareness of employees in the form of a vishing test, in particular, whether employees detect various forms of vishing calls and react adequately to them. The vishing test will also examine compliance with processes and security policies within your company.
Services in the test

As part of this service, a telephone test will be conducted to see if the employee:

  • Provides access to real personal information under the pretext of a relationship/need to deal with a particular matter.
  • Discloses non-public/protected information (e.g. password, salary, etc.) under the pretext of e.g. technical support.
  • Performs unwanted activities (opening email, entering password, etc.) under the guise of e.g. technical support.
  • Allows access to TeamViewer under the pretext of e.g. technical support.
  • The scenario will always be discussed and agreed with the customer in advance.
Test output

As part of the vishing test output, you will receive a summary:

  • How many users provided access to personal data.
  • How many users disclosed non-public information.
  • How many users performed unwanted activity.
  • Alternatively, how many users would allow access to TeamViewer.

We will uncover your security risks and provide an impenetrable protection strategy