Penetration Testing
Test your systems before they test you. Start building your cyber security resilience today.
Contact UsWhat We Do?
Blueprint’s core focus is penetration testing. Blueprint offers a wide variety of penetration tests. Penetration tests are used to identify, exploit, and report any security issue discovered in an organization’s network, application, device and/or system.
Our security team is packed with:
Dedicated Security Professionals
Our team is full of talented security researchers, we recruit based on talent, experience and expertize. However our team shares a passion for cyber security and the need to deliver the best results for our clients
Diverse Security Backgrounds
Our consultants have different security specializations, offering the right professional for each project
Certifications
Our consultants each hold all the required industry standard certifications
Experience
Our consultants have year of experience and work in teams to ensure full coverage
Our most conducted types of penetration tests
Web Application
Each web application is unique and can range from a simple one pager to a complex application, with many interconnected integrations (third party APIs, Database connections, dependencies).
Web applications tend to be public facing and hence they are easier to target than private systems. Hackers and malicious actors tend to target web application.
Our testers have perfected the art of web application penetration testing. We follow the The OWASP Application Security Verification Standard. For more information on our working methodology, please reach out below
External Network
An External network penetration test assesses the security of your organization’s “outer shell”. Blueprint identifies and exploits any issues detected on the external network. Blueprint can target any of the organizations internet facing assets.
External network penetration tests tend to be straightforward and fast to complete.
However, depending on the type and size of externally available assets, the organizations desires and scoping information, test can vary in length.
If your organization wishes to learn more about external network penetration tests and if this is something that would benefit your organization, please reach out below
Internal Network
Organizations concerned about hackers accessing their internal networks, either remotely or onsite, should consider purchasing an internal network penetration test.
Our penetration testers start with a minor foothold (access to a company device for example) or limited access to an internal network onsite. From here our penetration testers, use security issues and exploits to see how far they can move through the organizations network and collect as much information and privileged access as possible.
Depending on how large and complex an organizations internal network is, these tests tend to take longer than compared to other penetration tests.
After our penetration testers have compromised your network, we provide in-depth reports on how this was performed and recommendations on how to fix these issues.
To learn more about our working methodology or to see if this is something that may benefit your organization, please reach out below
Mobile Application
Mobile applications are also targeted by hackers and malicious actors as mobile applications tend to collect large amounts of user data. Discovering security issues and patching them before they are exploited by these third parties is very important.
At Blueprint, we have consultants specialized in testing both iOS and Android applications. Our consultants follow the OWASP Mobile Security Testing Guide. If your organization is interested in learning more, please reach out below
Penetration Testing Approaches
Choose the penetration test approach that fits your organization best
Whitebox Penetration Test
Whitebox penetration testing means that blueprint consultants have full knowledge of the application/network/system’s architecture, login credentials for different user roles (if present) and access to source code. The advantage of a Whitebox penetration test is that the consultants can easy explore all aspects and functionality of the system/application in scope. This ensures that the customer receives a very comprehensive, reliable and time effective penetration test.
Contact for more info
Blackbox Penetration Test
Blackbox penetration testing means that blueprint consultants have zero knowledge of the application/system in scope. This models the same knowledge a “real attacker” would have when they first target an organizations application/system. This is a scenario that is typically faced by organizations when they are targeted. However, “real attackers” have a time advantage and can spend months researching an organizations system/application. This reconnaissance takes time to build up an attack surface that an attacker can use to then exploit. Therefore, this should only be purchased by an organization if they have already performed multiple penetration tests and have invested heavily in defenses, and now want to have this thoroughly tested.
Contact for more info
Graybox Penetration Test
Graybox penetration testing means that blueprint consultants will receive some information on the system/application but not as in-depth as a whitebox test. This could be the URL and user credentials to a web application. Our testers will first test unauthenticated and only if no progress is made, then they will utilize the information that the client has provided to continue testing.
Contact for more infoHow We Do It?
We make your security project stress-free for you to have the perfect control.
Scoping
Our Consultants are involved from the intial scoping phase, to ensure a clearly defined scope, and to ensure that your security goals are reached
Testing
After the scoped is agreed and the timeframe set, our consultants will commence the penetration test. During the project duration, our consultants will work in teams to ensure maximum coverage of the scoped project
Reporting
After we found all the issues within scope, our consultants will deliver a full penetration test report. Prior to report delivery, the report must undergo our QA cycle by another team member to ensure the quality is up to standard
Aftercare
Blueprint always offers aftercare to ensure that you and your team know how to fix the issues found, we always have a closing report discussion to ensure everything is clear enough to implement our recommendations
Book a Free Consultation Now
Get the right advice from the start, or tell us what you are looking for. Book a free consultation below