No company is immune to cyber-attack.
Whatever its size, attackers will exploit any security flaw that lets them break into its systems.
Reports of intrusions and ransomware are multiplying.
Some companies have had to pay several thousand euros in ransom to avoid seeing their business paralyzed.
It is therefore important to act upstream and close the doors through which an attacker could get in.
A pentest, or penetration test, followed by implementation of the auditors’ recommendations, remains the most reliable way to find those doors before an attacker does and to secure your website.
The importance of IT security
Today, data is among a company’s most valuable assets.
Its theft or loss can be disastrous and, in the worst case, lead to bankruptcy.
The dematerialization of company processes and tools, while a source of flexibility and productivity, is also a source of risk.
There are many ways of reaching your website: connected objects are multiplying, and users increasingly access it from portable devices such as smartphones and tablets.
It is important to keep an exhaustive inventory of every access point to the website and of the rights associated with each one.
Both preventive and corrective measures are needed to limit the risk of intrusion.
A compromised website can be just as damaging to your image as to your data.
Did you say “Pentest”?
A pentest is an intrusion test.
One or more auditors attempt to compromise the company’s IT system.
The tools and techniques are the same as those used by real attackers.
Unlike an attacker, however, the pentester works under a code of ethics and within a scope agreed with the company.
The aim is not to damage the company’s website or steal its data.
Instead, the pentester identifies security flaws and produces a report describing how to correct them.
Different types of pentest
There are three main approaches to pentesting, distinguished by how much information and access the auditor is given.
Blackbox pentest
During a blackbox pentest, the auditor works under conditions close to a real attack.
They start outside the company with no inside information, using every means at their disposal to identify and exploit security flaws.
The company’s teams can react if they detect an intrusion attempt, but they are not told it is a pentest.
A blackbox pentest of a website can last several days and is broken down into several phases.
The auditor begins by gathering all available information: social engineering, social networks, the company’s own websites and other public sources.
They then use that information to identify potential vulnerabilities.
Finally, they attempt to exploit those vulnerabilities to penetrate the defenses.
Whitebox pentest
Unlike the blackbox pentest, the whitebox pentest is carried out in collaboration with the company’s teams.
The auditor has access to all technical diagrams and documentation relating to the website, and works directly with the company’s IT team.
The whitebox pentest resembles a conventional security audit, but it goes further: because the auditor knows how the system is built, each flaw found can be traced to its root cause and paired with a concrete corrective measure.
Greybox pentest
A greybox pentest lies between the other two.
The auditor works from inside the company, with the same equipment, tools and access as any other employee, but not the full documentation a whitebox auditor receives.
From that position, they try to obtain more rights on the website than their account normally has, in order to access confidential information and exploit security flaws.
Intuity’s pentesting service
Intuity was founded in 2018 and specializes in IT security, penetration testing, audits, consulting and training.
Its teams are made up of experts in all the major areas of cybersecurity: development, integration, administration, security project management, security and network architecture, and cryptography.
These experts can carry out a blackbox, greybox or whitebox pentest on your behalf, depending on the information you are willing to give them and the results you want.
In our case, these intrusion tests focus on logical intrusion, that is, exploiting software vulnerabilities or misconfigurations, rather than physical intrusion.
Your website and web services are tested to identify potential security flaws, which can be of many kinds.
An outdated software version, a misconfiguration or a default configuration left in place, a known flaw in an ancillary module such as a plugin or library, passwords that are too simple… these are just some of the vulnerabilities that can be identified.
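As an added illustration of how findings of these kinds are surfaced, here is a small offline checker written for this page; it is not Intuity’s tooling and not code from the original text. It parses constructed sample HTTP response headers, flags disclosed and unsupported software versions, missing hardening headers and session cookies set without protective flags, and scores passwords against a constructed short list of common ones. The sample responses, the table of unsupported branches and the password list are assumptions made for the example.

```python
import re

# Constructed sample of raw HTTP response headers, as a tester might capture them.
SAMPLE_RESPONSES = {
    "https://www.example.test/": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.2.15 (CentOS)\r\n"
        "X-Powered-By: PHP/5.4.16\r\n"
        "Set-Cookie: PHPSESSID=0123456789abcdef; path=/\r\n"
        "Content-Type: text/html; charset=UTF-8\r\n"
    ),
    "https://www.example.test/login": (
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
        "X-Frame-Options: DENY\r\n"
        "X-Content-Type-Options: nosniff\r\n"
        "Set-Cookie: session=0123456789abcdef; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
        "Content-Type: text/html; charset=UTF-8\r\n"
    ),
}

# Assumed, example-only table of product branches that no longer receive security
# fixes; a real engagement keeps this current from the vendors' lifecycle pages.
UNSUPPORTED_BRANCHES = {"Apache": ("2.2",), "PHP": ("5.4", "5.6", "7.0")}

# Headers whose absence is reported as a hardening gap.
REQUIRED_HEADERS = ("Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options")

# Constructed stand-in for the much larger wordlists used in practice.
COMMON_PASSWORDS = {"password", "123456", "admin", "welcome", "qwerty", "letmein"}


def parse_headers(raw):
    """Turn a raw header block into (name, value) pairs; the status line is skipped
    and duplicates such as several Set-Cookie lines are kept."""
    pairs = []
    for line in raw.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs


def check_version_disclosure(headers):
    """Flag banners that reveal a product version, escalating to 'high' when the
    version belongs to an unsupported branch (an outdated software version)."""
    findings = []
    for name, value in headers:
        if name.lower() not in ("server", "x-powered-by"):
            continue
        match = re.search(r"([A-Za-z][\w-]*)/(\d+\.\d+)(?:\.\d+)?", value)
        if not match:
            continue
        product, branch = match.group(1), match.group(2)
        if branch in UNSUPPORTED_BRANCHES.get(product, ()):
            findings.append(f"high: {product} {branch} is an unsupported branch ({name}: {value})")
        else:
            findings.append(f"low: version disclosed in {name}: {value}")
    return findings


def check_hardening(headers):
    """Report missing security headers and cookies set without Secure or HttpOnly,
    the typical traces of a default configuration left in place."""
    findings = []
    present = {name.lower() for name, _ in headers}
    for required in REQUIRED_HEADERS:
        if required.lower() not in present:
            findings.append(f"medium: missing header {required}")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = value.split("=", 1)[0]
        attrs = {attr.strip().lower() for attr in value.split(";")[1:]}
        for flag in ("Secure", "HttpOnly"):
            if flag.lower() not in attrs:
                findings.append(f"medium: cookie {cookie} lacks the {flag} flag")
    return findings


def check_password(password):
    """Score a password the way a tester rates credentials found during a test."""
    if password.lower() in COMMON_PASSWORDS:
        return "weak: in common-password list"
    if len(password) < 12:
        return "weak: shorter than 12 characters"
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]"))
    if classes < 3:
        return "weak: fewer than three character classes"
    return "acceptable"


def audit(responses):
    """Run every header check over each captured response; returns {url: [findings]}."""
    report = {}
    for url, raw in responses.items():
        headers = parse_headers(raw)
        report[url] = check_version_disclosure(headers) + check_hardening(headers)
    return report


if __name__ == "__main__":
    for url, findings in audit(SAMPLE_RESPONSES).items():
        print(url)
        for finding in findings or ["no findings"]:
            print("  -", finding)
    for candidate in ("admin", "Summer2024", "Tr0ub4dor&3-correct"):
        print(candidate, "->", check_password(candidate))
```

Run it as a script to print the findings for each sample URL and the password scores. In a real engagement the captured headers come from the target and the unsupported-branch table is kept current; a missing header or an exposed version is a weakness to confirm manually, not proof of exploitability, which is why the manual checks in the pentest phase below still matter.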
A pentest by Intuity proceeds in the following steps:
- Kick-off meeting: presentation of the approach, definition of deadlines… In a blackbox pentest, naturally, the operational teams are not briefed beforehand.
- Defining the target: the pentest can cover all or part of the website and/or related services (online payment, etc.). The scope of the audit and the strategy to be applied must be defined beforehand.
- Pentesting: manual and automated checks, verifications and tests are carried out.
- Audit report: a summary of the detected vulnerabilities for decision-makers and a detailed, exhaustive presentation for operational teams.
- Results presentation meeting: presentation of the actions to be implemented.
- Action plan monitoring: a team can monitor the implementation of the recommendations against the defined schedule.
Apply audit recommendations
Once the pentest has been carried out, you will have a complete report describing the security of your website.
I can help you put in place a solid action plan based on a reliable pentest conducted by Intuity’s experts.
Based on the audit report, I work with your team to plan the recommended actions.
I then implement the recommendations provided by Intuity on your behalf.
You can then be confident that your website’s security has been tested and the identified flaws corrected. Contact me today to discuss your website security.