Penetration Testing

Manual penetration testing adds the benefit of specialized human expertise to our automated binary static and dynamic analysis — and it uses the same methodology cyber-criminals use to exploit application weaknesses such as business logic vulnerabilities.

Reducing false negative (FN) rates in your most critical applications requires a combination of multiple techniques, including SAST, DAST and manual penetration testing. 

Our cloud-based platform provides a single central location for consolidating results from these multiple techniques, as well as for sharing results across multiple teams and evaluating risk using a consistent set of enterprise-wide policies. 

When manual penetration testing is used in conjunction with our automated analysis — both SAST and DAST — you’ll be better able to identify all application-related vulnerabilities of measurable risk. For example, certain vulnerabilities such as Cross-Site Request Forgery (CSRF), an OWASP Top 10 vulnerability, are only detectable via manual techniques.

In addition to standard vulnerability classes from the OWASP Top 10 and CWE/SANS Top 25, our manual penetration testing services also provide coverage for other types of vulnerabilities such as design, business logic and compound flaw risks.

Our manual penetration testing teams consist of elite security practitioners with real-world experience finding exploitable vulnerabilities that can have the highest impact on your business.

How manual penetration testing works

  • We work with you to customize the scope of each project, determining which applications and vulnerability classes to focus on.

  • Focused manual penetration testing examines specific flaw categories that currently require manual inspection to assess adequately. The purpose of focused manual penetration testing is to identify specific application vulnerabilities within scoped domains.

  • Comprehensive manual penetration testing extends beyond identifying discrete vulnerabilities. The goals of these assessments are more situational, such as investigating whether multiple lower-risk flaws can be compounded into a more significant attack scenario.

  • Results from the automated and manual testing are combined to deliver a consolidated assessment report to simplify the remediation process.