
Penetration Testing

We find weaknesses before an attacker does.

Black-box and white-box testing, vulnerability assessment, code review. We simulate real attacks on your infrastructure and applications.

  • Methodology: OWASP/PTES
  • Retest: included
  • Report SLA: <5 days
  • False positive rate: <5%

Types of penetration tests

Black-box Testing

The tester has no prior information about the system — simulating a real external attacker.

Phases:
  1. Reconnaissance — OSINT, DNS enumeration, subdomain discovery, technology fingerprinting
  2. Scanning — Port scanning, service detection, vulnerability scanning (Nessus, Nuclei)
  3. Enumeration — User enumeration, directory brute-force, API endpoint discovery
  4. Exploitation — Attempts to exploit discovered vulnerabilities
  5. Post-exploitation — Lateral movement, privilege escalation, data exfiltration simulation

What it reveals: Exposed services, default credentials, information leakage in error messages, IDOR, broken authentication, misconfigured CORS, subdomain takeover.

White-box Testing

The tester has full access to source code, architecture, configuration and documentation.

Includes:
  • Security code review — Manual code review focused on OWASP Top 10, CWE Top 25
  • Architecture review — Analysis of data flows, trust boundaries, authentication/authorization mechanisms
  • Configuration review — Cloud infrastructure (Azure/AWS), Kubernetes, database, web server configuration
  • IaC review — Terraform, Helm charts, Dockerfiles — security best practices

What it additionally reveals: Logic flaws, race conditions, insecure cryptographic implementations, hardcoded secrets, overly permissive IAM policies, insecure deserialization.

Grey-box Testing

A combination — the tester has partial information (e.g., authenticated access, API documentation). The most efficient cost/coverage ratio for most applications.

Methodology

OWASP Testing Guide v4

A systematic framework for testing web applications:

  • Information Gathering — Fingerprinting, configuration review, authentication testing
  • Authorization Testing — RBAC bypass, privilege escalation, IDOR
  • Session Management — Token analysis, session fixation, CSRF
  • Input Validation — SQL injection, XSS, command injection, SSRF, XXE
  • Business Logic — Workflow bypass, rate limiting, race conditions
  • API Security — BOLA, broken function level authorization, mass assignment

PTES (Penetration Testing Execution Standard)

For infrastructure tests — network penetration testing, wireless, physical security assessment.

Vulnerability Assessment vs. Penetration Test

| Aspect   | Vulnerability Assessment        | Penetration Test                  |
|----------|---------------------------------|-----------------------------------|
| Goal     | Find known vulnerabilities      | Exploit vulnerabilities           |
| Approach | Automated + manual review       | Predominantly manual              |
| Depth    | Broad, surface-level            | Deep, targeted                    |
| Output   | List of CVEs with severity      | PoC exploits, business impact     |
| Duration | 1–3 days                        | 5–20 days                         |
| When     | Quarterly, after deployment     | Annually, after major change      |

We recommend both — vulnerability assessment as a continuous process, penetration test as an in-depth analysis.

Reporting

Executive Summary

For management — business impact, risk level, top 3 recommendations. One page, no technical jargon.

Technical Report

For the dev team — each finding includes:
  • Description — What the vulnerability is and where it is
  • Severity — CVSS score + business impact
  • Proof of Concept — Reproducible steps (screenshot, request/response)
  • Recommendation — How to fix it, best practices
  • References — CWE, OWASP, vendor documentation

Retest

After fixes are implemented we perform a retest — verifying that the fixes are effective and have not introduced new vulnerabilities.

Continuous Security Testing

A one-time pentest is a snapshot. For continuous security we integrate:

  • DAST in CI/CD — OWASP ZAP, Burp Suite Enterprise in the pipeline
  • SAST — SonarQube, Semgrep for static analysis on every commit
  • Dependency scanning — Snyk, Dependabot for continuous CVE monitoring
  • Bug bounty — Program for external security researchers (setup, triage, reward management)
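As an added illustration (not the vendor's own pipeline), here is what wiring the SAST, DAST and dependency-scanning layers above into a GitHub repository can look like: a Semgrep scan on every push and pull request, a scheduled OWASP ZAP baseline scan against a staging environment, and Dependabot for continuous dependency monitoring. The repository variable STAGING_URL and the weekly schedule are assumptions.

```yaml
# .github/workflows/security.yml  (added example; assumes a GitHub-hosted repo)
name: security-checks
on:
  push:
  pull_request:
  schedule:
    - cron: "0 3 * * 1"   # weekly DAST run; the cadence is an assumption

jobs:
  sast:
    # Semgrep static analysis on every commit; --error makes findings fail the job
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4
      - run: semgrep scan --config p/owasp-top-ten --error .

  dast:
    # OWASP ZAP baseline (passive) scan against staging, only on the schedule
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    steps:
      - run: |
          docker run --rm -v "$PWD:/zap/wrk:rw" ghcr.io/zaproxy/zaproxy:stable \
            zap-baseline.py -t "${{ vars.STAGING_URL }}" -r zap-report.html -I
          # -I: only FAIL-level alerts break the build, WARN-level ones are reported
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: zap-report
          path: zap-report.html
---
# .github/dependabot.yml  (added example; ecosystem and directory are assumptions)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
```

Dependabot opens pull requests for vulnerable or outdated dependencies on its own; the Semgrep and ZAP jobs surface findings as failed checks on the commit that introduced them.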

Scope and pricing

| Scope                               | Duration   | Indicative price |
|-------------------------------------|------------|------------------|
| Web application (standard)          | 3–5 days   | from 150K CZK    |
| API (REST/GraphQL)                  | 2–4 days   | from 120K CZK    |
| Mobile application (iOS + Android)  | 5–8 days   | from 200K CZK    |
| Infrastructure (external)           | 3–5 days   | from 150K CZK    |
| Comprehensive (app + infra + API)   | 10–20 days | from 400K CZK    |

The exact price is determined after a scoping call — it depends on the size of the application, the number of endpoints and the required depth.

Frequently asked questions

How often should a penetration test be performed?

At least once a year for compliance. Ideally after every major architectural change. Automated DAST tests in CI/CD as a complement.

What happens when a critical vulnerability is found during the test?

Immediate notification — we don't wait for the final report. Critical findings are communicated within 24 hours with a recommended mitigation.
