We provide penetration testing services to businesses and organizations, based on international experience and compliance standards such as OWASP and PCI DSS, or on specific customer requirements.

Network Penetration Testing

Assessing the security level inside and outside the enterprise.

Web Penetration Testing

Exploiting known and unknown vulnerabilities in website security and providing remediation.

Mobile Application Testing

Testing the security of mobile applications on various platforms such as iOS and Android.

Social Engineering

Alexa Cybersecurity deploys a custom approach to check your spear phishing exposure.

Experienced Team

Our staff are experts with extensive experience in system penetration testing. They have participated in large projects for banks, financial services, and stock exchanges, and have passed offensive security certifications.

Certification

OSCP

OSCE

OSWE

CCSP

CSSLP

CSSA

Compliance standards

Our methodology is based on the industry-accepted penetration testing approach derived from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-115 (“NIST SP 800-115”), “Technical Guide to Information Security Testing and Assessment”; the Open Source Security Testing Methodology Manual (“OSSTMM”), authored by the Institute for Security and Open Methodologies (“ISECOM”); and the Open Web Application Security Project (“OWASP”) testing methodologies.

Penetration Testing Methodology Described in Steps

At the start of the test, Alexa Cybersecurity, together with the customer, defines the full scope to be tested. A clear and open discussion with the client is essential at this step. All communication is facilitated through our form portal, email, and phone calls, which enforces our methodical approach and promotes collaboration between teams. At this stage, we define the company's infrastructure, such as domains, servers, and other devices with IP addresses. We then determine, with the customer's consent, whether any should be excluded and why. Once we have a list of all the devices that will be tested, we can determine an appropriate test time.

We start by attacking vulnerabilities, including known ones, in your web application. We take this step with the utmost care to protect both your web application and your data. We repeat the penetration process with both manual and automated tools. We use a variety of methods such as those specified in the OWASP methodology. We can scan your system for vulnerabilities that are putting your data at risk. The results of this phase are recorded as PDFs, and online reports are made available to you in the portal as per the initial agreement.

The team collects and compiles all of the obtained information and provides the customer with an exhaustive report. We also include comprehensive recommendations to help business leaders and the IT team make logical decisions regarding web application security. We provide a list of each vulnerability, including how we tested it and how we recommend resolving the risk. At this stage, we provide specific technical details that the IT team can use to act quickly.

Once both the business leaders and the IT team have read the report and acted on it during the remediation process, we retest to determine how effectively the findings were resolved. We rerun our penetration test on the web application, and as a result of the retest, you can download an updated report from us. This report will show either a clean build or a patched vs. not patched status for each finding. Once all vulnerabilities are resolved, we close the case.