A penetration test can be specific or broad depending on what you wish to test. For example, you may have a suspicion that a particular part of your application is vulnerable to a specific vulnerability class. This can be in case you have identified a vulnerability class in your application for the first time, and you want to assert whether it is a general problem and other parts of your application are vulnerable to the same vulnerability class. Another motivation to conduct a penetration test is to get an outsiders perspective and look for unknown security issues and risks in your application. Sometimes you work so hard to secure your application against a particular set of risks, and because of that it is almost easier for an adversary to identify the next obvious entrypoints to your application. Whichever you choose, we can help, and we have carried similar audits in the past. Ada Logics has audited software packages that are 20 years old, that run the worlds software and that likely have had thousands of hours of security scrutiny, and we have audited new projects where the customers were interested in high impact security hardening for young software projects.
A penetration test can often with increased outcome be combined with a source code audit where we can both run your software as you do in production and we can audit the source code. If you are planning a penetration test, we highly recommend this approach. Hiding the source code - in other words “security by obscurity” - is often not an adequate security mechanism, and giving us - the adversary - as much insight into your application will yield the highest results for you.
A skilled attacker can see where you have hardened your application and where you haven’t. Often, the more you have worked on securing one part of your application, the clearer it becomes for an adversary to find the weak spots that you haven’t hardened. A penetration test can be a great process to explore where an adversary can break into your application, and you can explore the ways in which you have not secured your application.
We can threat model your application to identify its attack surface, threat actors, trust zones and trust flow and security controls.
Ada Logics can take an attackers perspective and attempt to steal your data, damage your application, infiltrate your infrastructure and compromise your users in a controlled environment.
Your penetration test will be carried out by our security researchers that have expertise in a wide set of programming languages and technologies.
Penetration tests can include automated testing such as dynamic and static analysis.
We can help with testing your assets as a one-time engagement.
We are available for regular penetration tests such as yearly or half-yearly engagements. Code changes over time, and vulnerabilities can get introduced. Catch them with yearly checkups. Alternatively, a yearly penetration test helps your eradicate easily-exploitable bugs and find deeper security issues.
We have found vulnerabilities in the biggest and most widely used open-source software projects.
