2 min reading Wed May 17 2023
Ceeyu launches penetration testing integrated with attack surface management
Penetration testing has become the professional service of choice for many organisations to strengthen their cyber security defences against external threats. Unfortunately, there is a lot of overhead involved in organising a penetration test: finding the right provider who delivers good quality service at a reasonable price, identifying the target applications or systems and defining the scope, negotiating the price and completing the paperwork. And a year later, the process starts again…
At Ceeyu, we now offer hassle-free penetration testing, seamlessly integrated with the automated digital footprint mapping and attack surface analysis services offered on the Ceeyu.io platform.
Complementary to our automated scans
Automated scans are run continuously and can cover a wide range of IT assets and networks, but are more superficial, while penetration tests are more thorough but more limited in scope. When used together, they are perfectly compatible. Through monitoring and analysis of the attack surface, IT teams can inventory all externally visible assets and identify most vulnerabilities. Penetration testing ensures that no vulnerabilities have been overlooked and that the vulnerabilities detected by the attack surface analysis have been adequately addressed. Our attack surface scans can be used for post-penetration testing of mitigation measures, testing and monitoring.
A hassle-free experience, at a lower cost
Starting from the results of automated scans, Ceeyu saves valuable time compared to a "stand-alone" penetration test:
- Since the footprint and potential vulnerabilities are exposed by automated scans, the time to be spent on the first three phases of a penetration test (reconnaissance, scanning, vulnerability assessment) is very limited. As such, we save valuable time compared to a "stand-alone" penetration test. This gain in efficiency translates into a shorter turnaround time and a lower cost.
- Customers can be assured that no application or network system has been overlooked when defining the scope of the penetration test.
Since customers deal with one party for all external cybersecurity risk identification services, including digital footprint mapping, attack surface monitoring and penetration testing, valuable time and overhead can be saved!
A range of penetration test services
Based on the results of the automated scans, Ceeyu will propose one or more of the following services:
- Application penetration testing: an ethical hacker from Ceeyu performs penetration tests on web and mobile applications, and client-server applications using web technologies or your APIs.
- Network penetration testing: Based on the results of its active vulnerability scanner, Ceeyu checks whether the detected vulnerabilities can actually be exploited or whether they have been mitigated by other controls.
- Cloud penetration testing: Using a combination of manual and automated tests, an ethical hacker from Ceeyu attempts to discover common misconfigurations and incorrect implementations of the most common cloud services (AWS, Azure, Google). This service can be performed in black/grey/whitebox mode.