We are a cyber security consultancy company, based in the Hague Security Delta Campus with over 18 years of international experience. For now, in the Netherlands we are only serving with penetration testing services, yet our international service scope includes penetration testing, PCI auditing and consultancy, identity management systems development, cyber security hardware and software sales and support, developing security tools, software and vulnerability management system as well as security operation center solutions.
Penetra Cyber Security B.V. is founded by Biznet Bilisim A.S. one of the biggest cyber security companies in Turkey, that has been serving to both local and international customers. Biznet Bilisim has over 25 people in its penetration test team and over 80 people in total, working as PCI auditors and consultants, technical support professionals, cyber security software developers, SOC experts, identity management solutions experts and all of them working to provide end to end security to our customers.
In the cyber world, where everyday something new emerges, a new application, a new technology, a new device, a new protocol and we have to become experts in new domains, before real hackers do. We believe training and learning is an ongoing process in cyber security domain. We value knowledge and we just can't get enough of it. This is why we get as many trainings as we can, attend conferences all over the world, give our team members free time for self-training, organize in-house trainings and force ourselves to constantly start new research projects.
Our team has experts from different nationalities, different technical and educational backgrounds, different beliefs and different expertise. We try to keep our team as diverse as possible to ensure that our team would have different perspectives during security tests, which minimizes the chance of missing out vulnerabilities. When we are teaming up for a project, we always add people with different expertise and backgrounds to spice things up.
We don't believe penetration testing is a one-time service that you can test systems give a report and leave. Once we work with a customer, we take their security in a personal way. We help our customers to solve not only the vulnerabilities but the root causes for those vulnerabilities, so that similar vulnerabilities would not occur again. We also continuously inform our customers about zero-day vulnerabilities, hoping to reduce their risks.
We provide penetration testing services. We are here to help you with cyber security problems you might face, detect vulnerabilities and misconfigurations you might have in your systems, servers and applications. If you want to see how your company would do under a cyber attack, what would be impact and test if your remediation plans are in line with real world scenarios, we are here for you as well.
Companies should have their systems, servers and applications tested for security vulnerabilities and have attack simulations carried out against their systems to see, if correct control and security mechanisms have been applied properly. Before starting the penetration tests, by making use of their past experiences, Penetra Cyber Security B.V. team members analyze customer assets and risks to determine what kind of testing suits their needs and adds most value to the customer. Then, with the right set of tools and people, both automatic and manual controls are carried out to detect all vulnerabilities. We also provide help for fixing found vulnerabilities as well!
Some of the test types Penetra members has expertise are as below. Further details about these tests and how they carried out are stated in the methodology of Penetra Cyber Security B.V..
These are control services in which an organization's resources accessible via the Internet (dns, ftp, e-mail, web, cloud systems, firewall etc.) are accessed optionally with authorized or unauthorized user rights using various tools and methods to identify known and possible vulnerabilities before attackers.
Security tests carried out within the local network involve accessing servers and systems audited from an organization's local network. These audits include security scans against known gaps, security scans on applications depending on application type and system configuration controls.
In these tests, not a specific system, server or application is targeted by an attack, but directly organization itself or a more specific part of organization such as hardened SWIFT systems is selected. This way, possible activities of an attacker intending to hack a specific organization will be simulated.
In comparison to other applications, web applications must be handled using more advanced methods due to their complex structure and diversity and variability of available applications. The main purpose in web application security tests is to perform controls on applications on the Internet/intranet with different user rights and according to standards defined by OWASP and identify vulnerabilities.
The rapid increase in use of mobile devices leads to increased number of applications available for such devices. Such applications developed using different technologies may also contain vulnerabilities just as standard web applications do. These tests enable to control applications and systems developed for iPhone and Android mobile devices.
These tests are carried out against IoT devices, the end servers, cloud systems and applications they are talking to, and applications that are used for controlling the devices. These tests include fuzzing open ports, dumping data and firmware from hardware and bus sniffing to find any crucial information that shouldn't be sniffed.
DOS/DDoS tests are performed to see how an organization's systems behave under different attacks aiming to disable the systems and identify possible configuration errors by measuring effectiveness of the current precautions. In DDoS tests, DDoS attacks carried out over botnet with HTTP requests sent using 1000 different IP addresses are also simulated.
These services include examination of applications developed in ASP.NET, JAVA, C#, C++ and PHP languages by personnel competent in security software development using static code analysis methods and identification of problems from within the code.
With an attacker-like approach Penetra tries to find vulnerabilities, gain access to critical data, leak in to private networks and find other vulnerabilities on systems, networks and applications. Different than other tests, while doing red teaming, Penetra tries not to ring any alarm bells to see how successful a real attacker would be.
In today's world, with everything being agile, development process changes dramatically and most of the time, security tests becomes the bottle neck of the whole process. To solve this issue, Penetra integrates in to development process and run penetration tests on the small parts and functions that are newly developed, rather than whole application.
Social engineering tests are controls aiming to identify vulnerabilities caused by end users and processes used in the organization. Even the most flawless security system may fail due to user errors. Social engineering tests involve assessment of security awareness level of end users to identify vulnerabilities in this aspect.
As working from home becomes more popular, hackers gain a much larger attack area, which forces corporates to make their end user computers' more secure to prevent loss of critical data. There are also systems that are needed to be more secure than other systems. With these tests, these systems are attacked locally and remotely to point out security vulnerabilities.
email@example.com +31 (0)70-2045180
The Hague Security Delta Campus Wilhelmina van Pruisenweg 104 2595 AN The Hague The Netherlands