Penetration Testing


The purpose of penetration testing is to identify weak points in your systems so that the server with your data is sufficiently secure. The tests use the same techniques as real hackers, which verifies the resistance of the systems to real attacks. The result of each penetration test is delivered as a written report listing the identified problems along with recommendations on how to fix them.

Types of Testing

Web Application Penetration Test
This is manual penetration testing of web applications using commercial tools. The tests are performed in accordance with the OWASP (Open Web Application Security Project) methodology.

Infrastructure and System Penetration Test
The penetration testing of infrastructure and systems also uses commercial tools together with manual testing by our experts. The tests are performed in accordance with the PTES methodology.

Target Group

Only subjects concerning Masaryk University are tested. Testing of private websites and public entities is not performed within CSIRT-MU.

Scope

The testing itself can take up to several weeks. Subsequently, it is necessary to take into account the time required to prepare the first report (several days). In the case of a retest, the testing time is several times shorter, and again a few extra days are reserved for the final report.

Price for the Testing

For the further development and functioning of our team of testers, financial cooperation is required to perform penetration testing of your systems. The price depends on many parameters; an offer can be requested by e-mail at Tomci@ics.muni.cz.

Testing Phases

  • 1. Agreement

    The first step is to agree on the conditions for performing a penetration test. For this purpose, all the information needed to start the testing is collected, and the scope is agreed upon.

  • 2. Penetration Test

    The second step is penetration testing itself. If a critical vulnerability is discovered, you will be contacted before the report is issued so that the threat can be removed as soon as possible. Otherwise, the testing goes unnoticed.

  • 3. Initial Report

    After the testing is completed, a report containing all the findings, a description of their significance and recommendations on correcting or preventing them is prepared. The report includes a high-level summary of the issues, technical details, and suggestions for administrators.

  • 4. Retest

    After the initial report is prepared, the requester has time to solve the problems found. If the requester is interested, another test can be performed to verify whether the errors found have been corrected. Other issues may appear during this phase.

  • 5. Final Report

    After everything is done and retested, the final report with all the issues is prepared. 
