Pentest

Identify vulnerabilities before attackers do

Controlled simulation | Advanced techniques and tools | 100% ethical focus

Black Box Pentest

Black Box

External attack

The auditor simulates a real attacker without prior knowledge of the system, credentials, or internal documentation, using industry-recognized offensive security tools and techniques.

Identifies vulnerabilities and security weaknesses from the perspective of an external attacker and tries to exploit them—always within ethical boundaries that do not cause harm to the audited company.

Light Package

Designed to identify vulnerabilities from the perspective of an external attacker, focusing on the most common and critical weaknesses.
An essential entry-level package that covers the most important security controls.

  • Collection of public and externally accessible information
  • External reconnaissance
  • Basic fuzzing
  • Targeted exploitation of some identified and selected vulnerabilities
  • Single report combining executive and technical results

Full Package

The goal is to identify vulnerabilities from an external attacker’s perspective, covering most known weaknesses.
A comprehensive package to ensure a solid security level.

  • Collection of public and externally accessible information
  • Advanced reconnaissance and attack surface mapping
  • Exhaustive fuzzing and manual testing
  • In-depth exploitation and attack chaining
  • Validation of impact and risk level
  • Executive and technical report with remediation recommendations

Light Package

Identifies relevant vulnerabilities from the perspective of an external attacker, enriched with simulated internal knowledge.

  • All tasks included in the Black Box Light scope
  • Efficient identification of internal security weaknesses
  • Review of provided documentation and architectural diagrams
  • Prioritization of findings based on context
  • Targeted exploitation phase
  • Single report combining executive and technical results

Full Package

Simulates a highly informed attacker to achieve maximum coverage and depth in a single assessment. The most comprehensive option for validating your security controls against realistic threat scenarios.

  • All tasks included in the Black Box Full package scope
  • In-depth identification of internal security weaknesses
  • Thorough review of documentation, architecture, and data flows
  • Risk-based prioritization of findings, considering context and asset criticality
  • Advanced exploitation and attack path validation
  • Executive and technical report with remediation recommendations
Gray Box Pentest

Grey Box

Partial access

Targeted assessment performed with partial knowledge of the environment, simulating an attacker with limited internal access or restricted contextual information.

Allows for faster and more accurate identification of relevant vulnerabilities by leveraging contextual knowledge. An efficient approach focused on what really matters to improve the security posture.

Recommended after a Black Box assessment to confirm breaches detected from the inside and to fine-tune with QA testing.

White Box Pentest

White Box

Full access

Comprehensive security assessment performed with full remote access to the environment, including system documentation and source code.

Provides deep insights into security weaknesses through a combination of design and code analysis.

We combine expert design review with thorough code analysis to identify hidden vulnerabilities. Gain actionable insights revealing critical weaknesses before they are exploited, with a special focus on your application’s business logic.

Light Package

Provides a deep view of security weaknesses through a combination of design review and code analysis.

  • All tasks included in Grey Box Light scope
  • Review of detailed system and architectural documentation
  • Source code review focused on critical components
  • Static analysis to identify common and high-impact vulnerabilities
  • Dynamic testing and targeted exploitation
  • Single report combining executive and technical results

Full Package

Offers the highest level of assurance by identifying vulnerabilities that cannot be detected by external testing alone.
The most complete option for achieving maximum security confidence and effective risk reduction.

  • All tasks included in the Grey Box Full package scope
  • Comprehensive review of architecture, configurations, and trust boundaries
  • Complete application security testing, both static and dynamic (SAST and DAST)
  • Manual code review to identify complex logical flaws and critical vulnerabilities (e.g., SQL injection, authentication and authorization failures)
  • End-to-end exploitation and impact validation
  • Executive and technical report with detailed remediation recommendations

Do you want to strengthen your business security?

Do you want a team to support you every step of the way?

Contact edataconsulting