Cyberattack, criminals team coding computer virus program

Achieve the highest possible level of security through

Penetration tests

Test your IT systems and your IT environment with an external penetration test (pentest). Through review and evaluation of your systems, we ensure that you have sufficient resilience to protect yourself against internal and external threats.

Avoid vulnerabilities in the web applications you use

Testing of web applications

Known vulnerabilities in web applications are usually the easiest way in for an attacker. New vulnerabilities in frameworks, application servers and software for code storage are discovered all the time, through Basalt’s penetration tests (pentests) of your applications you get a good picture of what the vulnerabilities are and depending on how extensive the test is you get recommendations for possible measures.

  • We find vulnerabilities in frameworks, application servers and software
  • Manual testing can discover vulnerabilities that automated tools would not find due to application differences in implementation
  • With access to source code during the penetration test, we can make the most accurate analysis possible

Base

Standard

Advanced

Vulnerability scanning

Using standard tools, we collect data to find known vulnerabilities

  • Base

  • Standard

  • Advanced

Validation

Validation of potential detections to exclude false positives

  • Standard

  • Advanced

Basic report

Automatic standard report

  • Base

Manual testing

Manual testing of the client's business logic. This includes detections of potential misconfigurations and can mean that data with sensitive information that would not be detected by an automatic scanning tool is found.

  • Standard

  • Advanced

Source code review

Some vulnerabilities are almost impossible to discover or exploit without access to the source code. However, there are many ways that the source code can be exposed without the fault of the application developers. New vulnerabilities in frameworks, application servers, and code storage software are published frequently, often with working exploits.

  • Advanced

Manual report

After the penetration test, a full report will be written with potential vulnerabilities discovered during the assessment as well as failed attempts that show some of the company's strengths and weaknesses. Probability and impact are assessed as low, medium or high, while the overall classification consists of the levels low, medium, high and critical.

  • Standard

  • Advanced

We look for vulnerabilities in the client environment

Penetration testing of infrastructure

If an attacker takes over a company’s infrastructure, such as switches, firewalls and servers, things can go very bad, very quickly. In our pentests, we simulate real attack techniques that are used to find security vulnerabilities in your systems.

We do both simpler tests that give you an overview of the vulnerabilities in an automated report, to more advanced tests where we grade the discoveries into low, medium and high depending on how big an impact they can have on your business.

  • Information gathering about which systems and services are exposed that can potentially be exploited by a threat actor
  • All observations are classified according to their estimated significance based on likelihood of discovery and exploitation along with business impact
  • Complete post-test report of potential vulnerabilities discovered during the assessment, showing some of the company's strengths and weaknesses

Base

Standard

Advanced

Vulnerability scanning

Automatic scanning of known vulnerabilities in the client environment. All components and devices connected to the client's network, including switches, servers, printers, clients, routers, IoT and OT equipment.

  • Base

  • Standard

  • Advanced

Basic report

An automated report will be delivered where general recommendations are presented.

  • Base

Validation

Validation of potential detections to exclude false positives.

  • Standard

  • Advanced

Manual testing

The goal of penetration testing is to identify vulnerabilities in an environment by simulating real attack techniques. These follow the basic pattern of target discovery, vulnerability identification and exploitation. Basalt's penetration tests focus more on chaining together vulnerabilities to eventually gain access to critical data or target systems.

  • Standard

  • Advanced

Manual report

After the penetration test, a full report will be written with potential vulnerabilities discovered during the assessment and failed attempts that show some of the company's strengths and weaknesses. All observations are classified according to their estimated significance based on probability of discovery and exploitation along with technical impact to the business.

  • Standard

  • Advanced

Purple team

In a Purple team, Basalt's experts take on the role of Red team and work together with the customer's Blue team, with the intention of providing a stronger, deeper understanding of the unknown activity.

  • Advanced

Red team

Basalt's Red team goes a step further and adds, for example, physical penetration testing or social engineering to the tests. A Red team tests the organization's detection capabilities in a realistic attack attempt.

  • Advanced

What vulnerabilities are actually found in the mobile phone?

Mobile test

When we pentest mobile phones, we go through several aspects to look for weaknesses and vulnerabilities, usually this means reviewing the configuration of security settings and examining installed software.

During the testing, we look for several types of vulnerabilities and review code in self-developed applications. When vulnerabilities are discovered, these are tested to validate security.

  • Identify vulnerabilities and weaknesses in mobile devices
  • Ensure that applications can withstand a potential cyber attack
  • Get recommendations for improved security throughout your organization

Physical penetration tests

A physical penetration tester is physically present at the location where the test is to be performed, usually in connection with the customer’s premises. This type of testing is often used to simulate a realistic intrusion attempt to test both personnel and the safeguards in place. After a successful breach, the physical penetration tester continues to compromise systems and networks to see if he can collect sensitive data.

  • Tests that put your routines and existing systems to the test
  • Prevent sensitive information from being accessed by an attacker who enters the premises
  • Our physical pentesters document and report all deficiencies in a consolidated report

Test the resilience of the organization

Social engineering

Our social engineering experts conduct tests to investigate the resilience of employed personnel. This is carried out, among other things, with phishing campaigns, which involve tailored e-mail messages or phone calls to the organization. Social engineering can also be used in combination with physical penetration testing, that is, physical intrusions into premises and facilities.

The human factor and the lack of routines and knowledge among the employees is a weakness that an attacker likes to exploit to gain unauthorized access to the business.

  • Realistic tests to see if the organization has enough resilience
  • Scenario-based tests with high tact so as not to damage the trust of employees
  • Full report after completed activities with what deficiencies we found and our experts' recommendations

OT (Operational Technology)

An attacker may try to gain access to OT equipment such as industrial machines, control systems and various types of instruments. Due to the complexity of supply chains and the size of installed systems, security is often forgotten, even though many of these systems often protect vital operations.

In OT testing, we review communication protocols to investigate inaccuracies in configurations or logic for various critical functions that may affect operation. We also examine the infrastructure to see if the systems are sufficiently isolated.

  • We test your OT systems and make sure they are properly protected
  • Our tests reduce the risk of a cyber attack by simulating attacks from threat actors
  • Make sure to protect the business, the employees and society
cybet_dator

5 tips to protect your systems against an attack

Download our guide

Make it harder for an attacker to succeed in their attack. Download our free guide with 5 concrete tips on how to protect your business against attacks.

  • Get tips and inspiration from Basalt
    Subscribe to our newsletter

Required field
banner-3--data

Stay one step ahead.

Let Basalt be responsible for your operational protection.
Contact us and we will guide you right!