Pentesting

A pentest is a crucial tool for ensuring the security of your IT infrastructure, minimizing risks, and protecting the integrity of your data. Our certified security experts are ready to perform pentests on various components upon request, including IT infrastructures, web applications, mobile apps, APIs, IoT devices, and OT environments. A pentest thoroughly maps potential security risks and vulnerabilities in your systems before hackers can exploit them.

The value and effectiveness of our pentests lie in the manual testing methods and techniques, as well as the creativity of our ethical hackers. By conducting targeted tests within the research scope and considering the context, semantics, and client requirements, we can link different vulnerabilities to produce meaningful research results. These results are presented in a comprehensive report via our custom-developed Reporter portal, including findings, concrete recommendations, and general advice for improving the security of your web applications and IT infrastructure.

Our pentests are certified according to the CCV Quality Mark for Penetration Testing. This means our pentests meet the highest quality standards. By utilizing our pentesting services, you ensure robust and reliable IT security.

Start your Pentest

Already know which pentest you need? Request a quote directly via "Get a Quote" and fill in the form. We will contact you within 24 hours.

Unsure about the type of pentest or need a cost estimate? Explore our "Plans & Pricing" for various standard options.

Need tailored advice? Call us or visit "Contact Us" and leave your details. A security adviser will get back to you within 24 hours.

Get a Quote Plans & Pricing Contact Us

Tailored Pentests

Looking for a specialized pentest tailored to a specific area? We understand the unique expectations and requirements of specialized domains. Our detailed reports are customized to meet the specific needs of each area.

DigiD-assessment pentest

Pentest for the DigiD ICT Security Assessment, according to the DigiD standards framework v4.0 established by Logius/NOREA.

32 - 48 hours (average indication)

ISO27001 compliance pentest

Conduct a pentest to meet ISO 27001 requirements, essential for your Information Security Management System.

24 - 48 hours (average indication)

AVG/GDPR compliance pentest

Undergo a pentest to meet the European General Data Protection Regulation (GDPR) requirements.

32 - 60 hours (average indication)

Diverse Pentesting Types

At DongIT, we offer a variety of pentests tailored to fulfill specific objectives and customer requirements. The primary distinction among these tests lies in the level of knowledge and background information provided to the tester beforehand. We ascertain the most suitable test type through a consultative process with the client, considering their unique circumstances and needs.

Black-box test - Minimal knowledge provided, closely simulating real-life hacking scenarios..
Grey-box test - Partial information provided, such as a login account.
White-box test - Researchers typically have access to the application's source code and all configuration details, yielding the most thorough findings.
Time-boxed/budget-box test - The duration or budget of the project dictates the test endpoint.

Testing Methods & Techniques

Our pentests combine manual methods and techniques, used by real hackers, with automated security tools. This blend of comprehensive testing methods ensures the discovery of most vulnerabilities and security risks within your web application.

Through our ongoing security research efforts, we stay abreast of the latest developments and issues in cybersecurity, including zero-day vulnerabilities and the newest hacking methods and techniques.

Methodology

Our certified ethical hackers (OSCP, OSWE, OSEP, CISA, CISSP) have years of experience conducting penetration tests. Our pentest methodology is based on the principles and guidelines of the Information Systems Security Assessment Framework (ISSAF), the Cybersecurity Framework from the National Institute of Standards and Technology (NIST), the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), and the recommendations of the Open Worldwide Application Security Project (OWASP).

These principles and guidelines provide a framework for the secure development, maintenance, delivery, and testing of web applications and the underlying IT infrastructure. They are based on best practices from security experts, involved organizations, and the cybersecurity community.

DongIT continuously evaluates and improves its testing methodology to stay up-to-date with the latest testing methods, techniques, and developments in the field.