Intrusion test – Pentest

An intrusion test aims to evaluate the visibility of your infrastructures on the Internet, to qualify the level of resistance of your information system to attacks carried out from the Internet or internally and to provide a set of recommendations to increase your level of security. To do this, the security engineers try to access supposedly sensitive or confidential data.

The external intrusion test is carried out in successive optimized phases, thanks to the know-how and experience of ITrust consultants based on a methodology that has been proven since 2007 and used on more than 500 audits:

An internal intrusion test aims to qualify the level of resistance of your network to attacks from within it. To do this, security engineers try to access supposedly sensitive or confidential data.

With the creation of a privileged account on the network, the tests can lead to configuration and installation information of the tested machines and thus obtain a better evaluation of the security level of the tested network.

Also known as a user account audit, the internal intrusion test allows to measure the internal nuisance capacity: malicious personnel or computer trapping scenario.

The black box intrusion test simulates an attacker deciding or having the mission to “attack” you. We start the intrusion test with the minimum amount of information, try to determine a perimeter, then validate with you the identified elements before launching more offensive tests.

During an intrusion test in white box mode, you give us the entire perimeter at the start of the service.

ITrust mobilises experienced auditors for security audit operations who have also carried out projects to study, implement and put technical infrastructures into operation. These consultants are men and women of the art, i.e. engineers first trained in the technical fields of infrastructures, who have the ability to formulate in real time a diagnosis of technical faults, and to immediately propose architecture recommendations and proposals for technical solutions for resolution or circumvention.

Generally speaking, our approach is a compilation of best audit practices: OSSTMM for the network and system part and OWASP for the web application part. ITrust is co-founder of the FPTI (Federation of Intrusion Testing Professionals).

Quality above all!

Our engineers are experienced to be part of the Itrust RedTeam (Team of Experts). They are all on permanent contracts and based in France. We refrain from using external engineers except in exceptional cases with the agreement of our clients.

Strong commitment to the PASSI standard and the OIVs

Within the framework of the protection of the French information heritage and the flagships of the industry, ITrust is engaged in a certification process with respect to ANSSI
– CSPN for the development of its IKare tool (security level measurement, control of the presence of vulnerabilities, asset management),
– PASSI for service activities.

ITrust is notably labeled France Cyber Security.
Our capital is exclusively French.
Our engineers are based exclusively on French territory.

Independence, ethics and maintenance of competence

In order to guarantee an irreproachable quality in its services, a total independence with regard to external editors and service providers, ITrust ensures :
⇒ To be totally independent of third party publishers and service providers:

– ITrust’s capital and services are completely independent of the publishers and
integration providers. (Cf. integrity charter);
– Our charter of values implies total independence in our services and our recommendations.

⇒ To have defined and implemented quality requirements through :

– His Man 3 Method;
– Its charter of values, signed by all its collaborators;
– Its integrity charter.

⇒ Participate actively in the ISO27001, EBIOS, RGS working groups in particular through its membership in groups such as :

– PRISSM, Think tank of cybersecurity professionals;
– CLUSIF;
– Club 27001;
– OSSIR;
– European Security Circle.
– ECSO (European Cybersecurity Organisation)

⇒ Participate in conferences as an exhibitor and as a speaker leading interventions on specific safety topics, for example :

– Bot Conf 2014,2018 ;
– Defcon/Blackhat Lasvegas 2009, 2018;
– CRIP 20XX;
– Cloudconference;
– National Assembly: Cloud and security expertise.

Code of Ethics

ITrust has a charter of ethics which states in particular that :

– Audit services are performed with loyalty, discretion, impartiality and independence;
– The auditors use only the methods, tools and techniques validated by ITrust;
– The auditors undertake not to disclose, including to other auditors not involved in the audit, any information obtained or generated in the course of the audits unless authorised by the audit client;
– The auditors shall report to the audit client any manifestly unlawful content discovered during the audit;
– The auditors undertake to comply with the law, the regulations in force as well as good practices related to the audit (ISO 19011);
– All auditors sign the ethics charter.