FAQs

Background

It has become a worldwide trend for small, medium and even large organizations to be in the news for being hacked. It has therefore become a necessity to secure your business and conduct periodic penetration testing.

SECLINQ penetration testers will thoroughly examine your networks and systems and raise awareness among your employees. Our team focuses on manual testing but also uses automated tools to reach the best results.

The benefits include, but are not limited to:
  • A detailed analysis of the risks your business is facing from hackers.
  • A comprehensive list of vulnerabilities and detailed recommendations to fix them.
  • An overview of your progress over time through periodic penetration testing.

Cybersecurity experts, also known as ethical hackers, simulate real hacking techniques to identify any security gaps before someone with malicious intentions discovers them. SECLINQ’s offensive security team has extensive experience conducting security testing and vulnerability assessments. As a part of our penetration testing process, our knowledgeable security experts perform attack simulations and, in the process, uncover ways hackers can try to gain access. Our goal is to find weaknesses in your cyber defenses so you can put a stop to a security breach before it starts.

Web Application Penetration Test

SECLINQ provides web application penetration testing for your business to improve its security. Web application penetration testing services proactively assess applications to identify vulnerabilities, such as those that could lead to unauthorized access or the loss of sensitive user data and financial information.

Infrastructure Penetration Test

SECLINQ aims to defend businesses from cyber criminals. Infrastructure penetration testing is one of the main methods for securing your business and protecting your data.

It is the process of thinking like a hacker to break into an organization’s network and systems.

This is done by leveraging a combination of expert manual testing and commercial, open-source, and proprietary software to fulfill the test objectives. An internal infrastructure penetration test can be either authenticated or unauthenticated, and each provides a different level of information.

Wireless Penetration Test

SECLINQ can perform wireless penetration tests on Wi-Fi, Bluetooth, and various other wireless technologies.

Wireless technology is becoming more and more widely used, and it is often not as secure as other components in organizations’ infrastructure. Because wireless networks are accessible with fewer physical boundaries, they can be an easier target for attackers.

We initially perform an architecture review to identify how wireless devices are implemented across your network, so that we can verify whether it matches the real situation or whether there are other wireless networks that your organization missed, for example a connected rogue device attacking your business users.

We will also scan the network from the wired side for default credentials or weak passwords on wireless management devices, in addition to public exploits against these network or web interfaces.

The SECLINQ team will use the latest techniques and tooling to intercept the data transmitted and try to crack the encryption being used.

Mobile Application Penetration Testing

SECLINQ provides mobile application penetration testing for your business to improve its application security. During this test, vulnerabilities are identified manually and by using automated tooling such as Burp Suite, Frida and in-house created tools.

Vulnerability Assessment

A vulnerability assessment is a process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities of a system or systems. SECLINQ will identify vulnerabilities within the in-scope systems, quantify their risk and prioritize them according to importance. Unlike a Penetration Test, these vulnerabilities will not be exploited.

Security Code Review

SECLINQ performs security code review to help you find potential security vulnerabilities in your source code. Most security problems are caused by critical vulnerabilities in applications. Code reviews identify security gaps in the source code, thus minimizing potential risks.

We are very transparent about our pricing. The cost of a penetration test will depend upon the size of the environment or application to be tested and the objectives of the test, among other factors. Do not hesitate to contact our team and they will scope your test and provide both time and cost estimates.

For instance, some factors that our team considers to decide the overall cost include the number of live IP addresses, application size and functionality, the objective of the test, etc.

Naturally, businesses will want to know how long their test will take. Most testing projects last between one and six weeks. The complexity and location of the facility and sensitivity of the information will determine the schedule. Testing a one-doctor medical office won’t usually take as long as working with a global enterprise. Of course, the time the test takes may also depend upon any weaknesses or vulnerabilities uncovered and the sensitivity of the information that the security system should protect. After scoping the project and conducting an evaluation, our testing team can propose a detailed schedule estimate before any testing work begins.

We understand that clients often have hard deadlines that they’re trying to meet.
Whether you’re trying to meet client requirements which rely on pentest results or have an annual compliance requirement, we do our best to accommodate your timelines. Unfortunately, manual penetration testing takes some planning and preparation for our testing team.

With that said, if you have an urgent project, feel free to contact us about timelines. Depending on needs and timelines, we may have the ability to pull resources off of a research project and get started immediately.

Early in the process we try to familiarize ourselves with your company and the scope of work so that we’re able to create an accurate proposal. We intentionally gather this information so that we never come back requesting more testing time (and additional costs). The more information you’re willing to share, the better assessment we can provide.

With that said, some clients may be seeking a black-box approach where little information is provided, simulating a real-world attack and response. In this scenario, we still need to grasp the size and complexity of the testing and therefore have some basic scoping questions.

A question we hear often is whether we can meet compliance requirements. While this certainly requires a deeper discussion, our testing is in compliance with multiple pentesting compliance frameworks including ISO27001, PCI, HIPAA, SOC2, and others.

Some of the key components of our penetration testing report include, but are not limited to:

  • Scope
  • Control Framework (e.g., OWASP, NIST, PCI, PTES, OSSTMM)
  • Timeline
  • Executive Summary
  • Technical Summary
  • Report Summary Graphs
  • Summary of Findings
  • Findings (Description, Risk explanation, Recommendations, Evidence, References, CVSS, Risk Rating Calculation)
  • Methodology and Approach
  • Risk Rating Factors
  • Tools used

One of our core goals as an organization is education. We work to make sure your team has a full understanding of your Red Teaming or penetration testing deliverables before the end of our engagement, and we are available thereafter to conduct a follow-up retest at no additional cost.