Penetration Testing as a Service 

We provide external and internal network penetration testing services, which can help reveal vulnerabilities before “real” hackers do.

Our services

Why do you need a penetration test?

To help you protect yourself effectively against hacker attacks, penetration tests give a clear picture of the system’s security situation. Here are six reasons why organizations need regular pentests:

Protection of data and intellectual property

A penetration test reveals weak points and checks how vulnerable a system is. Together with the customer, security measures are then taken to protect data in the event of an actual attack by malicious hackers.

Protection against loss of reputation

A penetration test, conducted by an independent third party, reduces the risk of an attack and thus protects against a possible loss of reputation.

Fulfilling legal obligations

Sensitive data requires special protection. In the context of IT governance, numerous legal requirements mandate the proper operation of an information security management system.

Recommendations for safeguarding measures

Anyone who has a penetration test carried out receives a detailed report that enables their IT management team to understand the risks of the current situation and gives IT specialists recommendations for specific security measures.

Quality management

Many companies set up internal QM systems to ensure the quality of services and products. In addition to code reviews for software products, penetration testing can be used to check and measure the reliability of information technology.

Certifications and Compliance

For certain industries and processes, it is necessary to meet standards. For example, companies that conduct credit card transactions must comply with the PCI data security standard. To achieve compliance, systems must be checked by an independent third party. A security level proven by a penetration test is a clear competitive advantage here.

Types of penetration testing

Types and models of penetration testing that we offer

Qualified experts from ESKA can check and test for vulnerabilities of all types across different areas of infrastructure. There are several types of penetration testing:

How it works

How our white hackers work 

A penetration test is usually roughly divided into six phases:

Preparation

Research of all artifacts and resources related to the customer (domain names, IPs, third-party resources), including those found on the Darknet. Coordination of test objectives, scope, test methods, and devices.

Scanning phase

At this stage, we look for open paths to computers and resources. The system is "touched" for the first time. Here we attempt to obtain information from different sources.

Enumeration

This phase often runs at the same time as phase 2. Its goal is to get real, useful information through the security check. At this stage, we search for suitable exploits, conduct detailed network analysis and hash cracking, and coordinate further attacks.

Exploit phase

Here we conduct the verification tests (exploitation of vulnerabilities, circumvention of security measures and active intrusion, man-in-the-middle attacks, post-exploitation, etc.). Then we repeat phases 2 to 4.

Evaluation and reporting

To be able to realistically assess the actual security situation, a detailed report is necessary. During the final analysis, we evaluate and document the results, prepare a summary and presentation, list the weak points, and give recommendations for countermeasures.

Post-implementation review

We will provide specific recommendations for the further actions required and support you in their implementation if needed. We will check all corrections and improvements to make sure that our recommendations work the right way.

Why us
Why do you need to choose ESKA for your pentest?

Still have some hesitations about whether cooperation with us is worth the trouble? Check 6 reasons why you should choose us among other companies!

Experience

We have 8+ years of experience in the Cybersecurity market.

Reliability

ESKA is not just a contractor but your partner, which is why we are always ready to help in the future. We are always focused on relationships and on customer success!

Up to date

We constantly study the cybersecurity market and use the most modern techniques and tools.

Expertise

We have certified experts who are ready for the most difficult challenges.

Support

We don't provide just a report with an incomprehensible list of issues. We always manually check each vulnerability, explain how to close it, and give a roadmap and recommendations.

Verified

We are trusted by more than 200 companies (including Governments and international corporations).

Download a Sample of Penetration Test Report

After performing penetration testing we present you with a comprehensive report on vulnerabilities that were found, how they could be exploited by cybercriminals and how to patch security issues.

What we have done

Case Studies in Industries

Each month, we successfully close our projects. Here is a list of our recent ones.

INDUSTRY: INSURANCE

Penetration test for the international insurance company

The main goal of this penetration test was an examination of the client's infrastructure by a third party for possible issues that could affect the security of the applications, the infrastructure, and the privacy of its users. The assessment also checked and evaluated the security configurations that ensure the confidentiality, integrity, and availability of the client company's sensitive data and other resources.

INDUSTRY: STARTUPS

Platform that provides people management solution for the SMB market

Our customer, a young startup with a strong customer case, asked us to conduct testing and provide an independent report on their vulnerability assessment. The web application was evaluated, and we provided the customer with a detailed report on its security status.
Later, that report helped them confirm their level of security and raised the level of trust of their future customers.

INDUSTRY: BIG ENTERPRISES

The Logistics company wanted to check its mobile application before launch

A dominant logistics provider finished their new mobile application, developed by a third-party contractor, and requested a check of the security level of this mobile application.
As a result, our customer received confirmation of the mobile application's level of protection, recommendations for improving its security, and confirmation of the contractor's qualifications.

INDUSTRY: FINANCIAL INSTITUTIONS

A financial company decided to improve its security

An international investment services company is constantly working with customers' crucial data and must ensure their security and safety.
Afterwards, the company was able to significantly increase the level of security and ensure the security of its customers.

INDUSTRY: HEALTHCARE

Healthcare medical center requests a Wi-Fi penetration test

A medical center that has public Wi-Fi access points in places where visitors gather needed to check its secure perimeter and network security vulnerabilities. The test was made in two steps: a public internet SSID test and an internal corporate network test. The result provided recommendations and steps for increasing corporate network security.

Request a quote

Our expertise in the field of cybersecurity allows us to provide customized solutions that are tailored to the unique needs of each client.

FAQ

In this section, you will find answers to the most popular questions from our customers. Didn’t find what you need? Just send us a request.

  • What is a penetration test?
    A week rarely goes by without reports of attacks on sensitive systems. Such attacks result in financial damage, and the reputation and trust of customers and partners crumble. To protect yourself against attacks, adequate countermeasures must be taken at different levels. Well-trained employees and processes that also take IT security into account are essential for effective protection. However, above all, the security check through a penetration test by an independent third party is an effective means.

    So, what exactly is a penetration test? A penetration test is an authorized, planned, and simulated cyber attack on a company or a public sector institution. The aim is to identify and eliminate previously unknown points of attack before hackers can use them to steal intellectual property or other sensitive data or otherwise damage an organization. During the penetration test, trained testers attempt to attack your IT systems using the methods of criminal hackers to determine the vulnerability of systems, after which appropriate protective measures can be taken.
  • White box, gray box, black box: what is the difference?
    Dealing with the client's security system, we can take different approaches, which include color-based assessments.

    Black box
    Black box tests are the most common and preferred by multiple organizations since analysts work at the same level as a typical hacker. The pentester does not know the details of the evaluated system in advance. The black box tests determine and detail the vulnerabilities in an exploited system from the outside. At a technical level, this type of testing relies on dynamic analysis of the programs running inside, as well as of the networks. While this kind of testing can be extremely fast, depending on the pentester's ability to find vulnerabilities, as well as implicit network failures, it has a downside. It implies that if the analyst fails to penetrate the perimeter, the failures found inside will remain hidden.

    White box
    Contrary to the gray box or black box tests, white box tests have full access to the source code of a system, as well as to the architecture, infrastructure, and documentation. In this sense, these kinds of tests are the ones that involve the longest amount of time, since the analysts must sort through an immense amount of information to find what is truly useful for the mission. One of the flaws of this kind of test is that they can generate blindness based on the deep knowledge they have of the system, which can often obviate the actions that a hacker without knowledge can commit. However, this is not a realistic attack, as the cybercriminal may not have all the attack details.

    Gray box
    A gray box test is a step up from a black box test, where the analyst has the same network access as an average system user. The gray box test starts with incomplete information on the attacked system. This can be some key data, network topology, operating systems, their version, etc. Typically, this information will have a logical balance and can simulate what a cybercriminal would have after studying the system for a while. In this sense, the analyst has more knowledge about the network infrastructure and architecture and has greater privileges, which can help implement a much more focused and efficient analysis. This also helps to generate simulations of persistent threats within a system, to evaluate the response capacity of users. The gray box methodology allows deeper penetration and more exhaustive testing than the black box, without totally discarding the simulation element.
  • What are the types and models of penetration testing?
    External network penetration testing
    Anything exposed to the Internet needs some form of security testing. If an external host is compromised, it can lead to an attacker digging deeper into your internal environment. External network penetration testing is focused on the perimeter of your network and identifies any deficiencies that exist in the controls that protect against remote attackers targeting the Internet-facing systems in your environment. When performing external penetration testing, our penetration testers mimic real scenarios as best as possible to root out all potential vulnerabilities. Our external network penetration testing techniques include the following:
    ● Port scans and other network service interactions and queries
    ● Network sniffing, traffic monitoring, traffic analysis, and host discovery
    ● Spoofing or deceiving servers via dynamic routing updates (e.g., OSPF, RIP spoofing)
    ● Attempted logins or other use of systems with any account name/password
    ● Use of exploit code for leveraging discovered vulnerabilities
    ● Password cracking via capture and scanning of authentication databases
    ● Buffer overruns/underruns
    ● Spoofing or deceiving servers regarding network traffic
    ● Alteration of running system configuration except where denial of service would result
    ● Adding user accounts

    Internal network penetration testing
    Whether it’s disgruntled workers, previously terminated employees, or someone trying to steal trade secrets, there is a high chance of potential internal threats. Even without malicious intent, simple configuration issues or employee mishaps can also result in a network compromise, leading to the majority of attacks originating from within. Our internal network penetration tests target the networked environment that lies behind your public-facing devices. This service is designed to identify and exploit issues that can be discovered by an attacker who has gained access to your internal network:
    ● Internal subnets
    ● Domain servers
    ● File servers
    ● Printers
    ● Network devices
    ● Phones
    ● Buffer overruns/underruns
    ● Workstations and laptops

    Web application penetration testing
    Web applications are unique constructs, mixing various forms of technology and providing an interactive front for others to use. Some web applications are made public, while others might be internal applications existing on an intranet. No matter the location, there are always security variables. How well does your application handle input? Does it work with backend servers in a secure manner? Will your session management scheme hold up to penetration testing? Web application penetration testing tests for the following:
    ● Application logic flaws
    ● Forced browsing
    ● Access and authentication controls
    ● Session management
    ● Cookie manipulation
    ● Horizontal escalation
    ● Vertical escalation
    ● Brute-force password guessing
    ● Poor server configuration
    ● Information leakage
    ● Source code disclosure
    ● Response splitting
    ● File upload/download attacks
    ● Parameter tampering
    ● URL manipulation
    ● Injection attacks for HTML, SQL, XML, SOAP, XPATH, LDAP, Command
    ● Cross-site scripting
    ● Fuzzing
  • How much does a pentest cost, and what influences its price?
    The price for our service results from the size and complexity of the pentest. The scope of the test objects and networks, the license fees for the scan tools used, and the nature of the tests affect the costs. If follow-up tests are necessary, they also add to the overall price. We discuss all the pricing criteria and create your non-binding offer in a personal consultation.
  • How often should a pentest be performed? How long does it take?
    It is recommended to conduct penetration testing at least twice a year, but the optimal frequency is determined after an analysis of the particular business. By default, you will receive our final report within 1-2 weeks of completing the penetration test. If an earlier transmission of the results is required, please let us know in the joint kick-off meeting. For time-critical projects, we will be happy to provide you with our results earlier, if possible.
  • What documentation and reports do I get as a result of the pen test?
    After completing the pentest, you will receive a final report, which is divided into different sections:

    Management summary
    Here you get a non-technical summary of the project and the identified findings for the management level. All critical findings are concisely summarized.

    The procedure, scope, and tools
    It is a detailed description of the test methods used, the analyzed test object and scope, as well as the tools and scripts used during the pentest.

    Findings and Actions
    An important part of our final report is the detailed, technical description of all identified findings. You will also receive a comprehensive recommendation on how to fix each vulnerability, suitable for technical personnel (such as developers or administrators).

    Standardized risk assessment
    To assess our findings, we follow well-known standards such as the OWASP risk assessment method. The risk of a vulnerability is based on the probability of occurrence and its impact.

    If you are interested in a network penetration test, we would be happy to provide you with a free quote. All you have to do is leave your contact information and data about your company in our contact form, and we will contact you as soon as possible.