FCQ has a team of experts with many years of experience in information security, well trained and holding security certificates from well-known organizations such as EC-Council, OffSec (OSCP)...
Outstanding service quality
All engagement processes are carried out in accordance with international standards for information security. The assessment is carried out by engineers and experts from FCQ's attacking team (Red Team).
We commit to keeping customer information absolutely confidential; we do not disclose or lose it.
Every service provides an actionable report that your engineers can follow to remediate security holes.
Fast, accurate and actionable
Each service package will be carried out according to different processes. The security testing methodology and tools will be announced after the service scoping phase.
Various methods and well-known tools (5-20 tools/packages) will be used to deeply engage and analyze every aspect of the system.
The manual attack phase will be carried out by our senior experts to detect the remaining vulnerabilities and make the most out of the exploits.
Two types of reports will be issued, a report to executives and a detailed technical/final report (concluding the daily bugtrack):
- The report to executives clearly indicates the current status of the system and the recommendations to implement to improve its defense. It also looks at the business (cost/expense) perspective.
- The technical report or final report will detail the security holes (bugs), proofs of exploitation and suggestions for remediation.
Service package options:
- Web application/web API penetration testing
- Mobile application penetration testing
- Wireless network penetration testing
- Network penetration testing
PenTest stands for Penetration Testing (Pen Testing). This is a type of Security Testing, used to discover vulnerabilities, risks or security threats that hackers can exploit in software applications, networks or web applications. The purpose of PenTest is to identify and verify all possible security vulnerabilities in the software and the ability to exploit them.
A vulnerability is a security risk, such as one that lets hackers disrupt or gain access to the system or any data inside. Vulnerabilities often appear by chance during the software deployment and development phase. Some common vulnerabilities include: design errors, configuration errors, software errors... PenTest depends on two mechanisms: Vulnerability Assessment and Penetration Testing (collectively known as VAPT).
Financial fields such as Banking, Investment Banking, Stock Exchange... always want data to be confidential and need regular PenTest audits to ensure maximum security.
If the software system has been attacked, the organization needs to determine whether any threats still exist in the system, thereby minimizing the possibility of future attacks.
Proactive PenTest auditing is the most effective way to fight hackers and to stay one step ahead of bad hackers.
PenTest is usually classified based on the scope of the attack. In addition, it also depends on whether organizations want to simulate an attack by an employee, Network Admin (Internal Sources) or by External Sources. There are three different types of PenTest:
1. Black Box Testing
2. White Box Penetration Testing
3. Grey Box Penetration Testing
For Black Box Testing, the tester will not know anything about the system that is about to be tested. The tester is only responsible for collecting information about the target network or system.
In White Box Penetration Testing, testers are usually provided with full information about the network or system that will be tested. This includes IP address, source code, details about the operating system... This can be seen as an attack simulation by any Internal Source.
With Grey Box Penetration Testing, the tester will be provided with some information about the system. This can be seen as an attack from an external hacker who has access to the organization's network infrastructure documents.