F.A.Q
Passive reconnaissance phase
The auditor collects and uses public information in order to establish the cartography of the Information System, without direct interaction with the latter.
Active reconnaissance phase
The pentester uses scanning techniques to actively discover exposed services and interfaces. This phase also makes it possible to validate the information collected passively.
Conduct of an audit
An initiation meeting makes it possible to identify the needs and scope of the mission, as well as any constraints.
A legal mandate between the different parties is published in order to frame the audit service of DSecBypass.
The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.
Penetration testing methodologies
The work of the auditors is based on the following public and internal standards :
- Good practices specific to the technologies encountered
- TOP10 OWASP and OWASP ASVS
- SANS Top 20 critical controls
- Guides and best practices from ANSSI
- DSecBypass Expertise
Why perform a pentest?
The pentest is complementary and essential to the security measures already implemented in the Information System. It makes it possible to validate the security of the audited perimeter from an offensive point of view.
Deliverables
The report includes a summary of the results as well as the details of the vulnerabilities (CVSS score, impact, references) and recommendations identified.
The optional technical restitution is an opportunity for the consultant to present his approach and his results in an interactive way, and to discuss with the client and his teams on the action plan to be implemented.
Also on option, a managerial restitution makes it possible to address an executive audience.