Intrusion test – Pentest
Test how well your network resists computer attacks launched from the Internet or from inside (malicious personnel, a trainee, etc.).
We propose different approaches: external, internal, black or white box intrusion tests…
External intrusion test
An intrusion test aims to evaluate the visibility of your infrastructures on the Internet, to qualify the level of resistance of your information system to attacks carried out from the Internet or internally and to provide a set of recommendations to increase your level of security. To do this, the security engineers try to access supposedly sensitive or confidential data.
The external intrusion test is carried out in successive optimized phases, thanks to the know-how and experience of ITrust consultants based on a methodology that has been proven since 2007 and used on more than 500 audits:
Internal intrusion test
An internal intrusion test aims to qualify the level of resistance of your network to attacks from within it. To do this, security engineers try to access supposedly sensitive or confidential data.
When a privileged account is created on the network for the test, the auditors can also obtain configuration and installation information about the tested machines, which gives a better evaluation of the security level of the tested network.
Also known as a user account audit, the internal intrusion test measures how much harm can be done from inside: a malicious employee or a compromised computer scenario.
Our approach to intrusion testing
The black box intrusion test simulates an attacker who decides, or is tasked, to “attack” you. We start the intrusion test with the minimum amount of information, try to determine a perimeter, then validate the identified elements with you before launching more offensive tests.
During an intrusion test in white box mode, you give us the entire perimeter at the start of the service.
For security audit operations, ITrust mobilises experienced auditors who have also carried out projects to study, implement and put technical infrastructures into operation. These consultants are skilled practitioners, i.e. engineers first trained in the technical fields of infrastructures, who can diagnose technical faults in real time and immediately propose architecture recommendations and technical solutions to resolve or work around them.
Generally speaking, our approach is a compilation of best audit practices: OSSTMM for the network and system part and OWASP for the web application part. ITrust is co-founder of the FPTI (Federation of Intrusion Testing Professionals).
Quality above all!
Our engineers have the experience required to be part of the ITrust RedTeam (Team of Experts). They are all on permanent contracts and based in France. We refrain from using external engineers except in exceptional cases with the agreement of our clients.
Strong commitment to the PASSI standard and the OIVs
Within the framework of the protection of the French information heritage and the flagships of the industry, ITrust is engaged in a certification process with ANSSI:
– CSPN for the development of its IKare tool (security level measurement, control of the presence of vulnerabilities, asset management),
– PASSI for service activities.
ITrust is notably labeled France Cyber Security.
Our capital is exclusively French.
Our engineers are based exclusively on French territory.
Independence, ethics and maintenance of competence
To guarantee irreproachable quality in its services and total independence from external publishers and service providers, ITrust undertakes:
⇒ To be totally independent of third party publishers and service providers:
– ITrust’s capital and services are completely independent of the publishers and integration providers (cf. integrity charter);
– Our charter of values implies total independence in our services and our recommendations.
⇒ To have defined and implemented quality requirements through:
– Its Man 3 Method;
– Its charter of values, signed by all its collaborators;
– Its integrity charter.
⇒ To participate actively in the ISO27001, EBIOS and RGS working groups, in particular through its membership in groups such as:
– PRISSM, Think tank of cybersecurity professionals;
– CLUSIF;
– Club 27001;
– OSSIR;
– European Security Circle;
– ECSO (European Cybersecurity Organisation).
⇒ To participate in conferences as an exhibitor and as a speaker on specific security topics, for example:
– Bot Conf 2014, 2018;
– Defcon/Blackhat Las Vegas 2009, 2018;
– CRIP 20XX;
– Cloudconference;
– National Assembly: Cloud and security expertise.
Code of Ethics
ITrust has a charter of ethics which states in particular that:
– Audit services are performed with loyalty, discretion, impartiality and independence;
– The auditors use only the methods, tools and techniques validated by ITrust;
– The auditors undertake not to disclose, including to other auditors not involved in the audit, any information obtained or generated in the course of the audits unless authorised by the audit client;
– The auditors shall report to the audit client any manifestly unlawful content discovered during the audit;
– The auditors undertake to comply with the law, the regulations in force as well as good practices related to the audit (ISO 19011);
– All auditors sign the ethics charter.
Our clients talk about it better than we do:
AirFrance regularly has its information system and internet counters audited by various companies. ITrust intervened and detected important security flaws that we had not detected in previous years! We were immediately seduced. Their staff had a perfect command of the company’s international environment.
Crédit.fr is a participative financing platform for lending to SMEs. We selected ITrust at the launch of this platform. As it deals with confidential data, we felt it was essential to provide our clients with a highly secure service.
During this mission, we particularly appreciated the availability and seriousness of ITrust’s teams who were able to reassure us about the high level of security of the platform and suggest areas for improvement.
MTarget offers mobile services all over the world. ITrust has enabled us to secure our information systems at a lower cost. We started with an intrusive audit. We were impressed by their technical quality and professionalism.