Penetration Testing Services
JB Cyber provides a range of cost effective Web, Mobile and API Penetration Testing services.
Why JB Cyber?
- Excellent communication from experienced professionals Our penetration test team are also experienced software developers. We work on both sides of the fence. Our customers tell us that our reports are more helpful and actionable because we understand the development side too.
- Tailored testing We don't provide one-size-fits-all testing. We work with you to ensure that our test process matches your needs.
- Direct access for ongoing support. The penetration test lead who prepares your report is the same person who is available to answer questions about it and help with remediation and retesting if required.
- No outsourcing We don't hand off your work to someone else, we do it ourselves here in Australia.
Our process
Our process is designed to cover as much surface area as possible without disruption to your normal business or systems.
- Scope We engage with you to define the test's scope and identify the systems to be tested. Normally the scope provides for a light scan of Production systems and a much more comprehensive test of the Test/QA systems. Together we define the rules of engagement that describe test boundaries and how we should act under different scenarios including vulnerability discovery or system failures. We prepare a bespoke proposal with pricing for your consideration.
- Reconnaissance under the agreed scope we gather intelligence about your systems. We scan for domain names, IP addresses, open ports and any unexpected exposures.
- Automated Scanning We use the best off-the-shelf scanning tools as well as our own custom tools to scan your in-scope systems and find potential weak points for further analysis. This phase and subsequent phases normally focus on Test/QA systems.
- Manual Vulnerability Assessment We use our scan results to inform a more detailed manual analysis of your systems.
- Trial Exploitation We explore discovered vulnerabilities to measure their impact but stop short of deliberate damage. Our usual rules of engagement specify that we will contact you immediately if we discover any high urgency vulnerabilities.
- Detailed Reporting We provide a comprehensive report that gives your executive team a high-level overview and your technical teams a clear path to remediation.