Pentests

Identify vulnerabilities before attackers exploit them.

Our auditors simulate intrusions the way an external attacker or a malicious insider would.

We carry out penetration tests at three levels of prior knowledge:

  • Black Box

    Tests carried out with no prior information, to simulate the actions of an external attacker.

  • Gray box

    Tests carried out with user accounts provided by the client, to simulate the behaviour of an authenticated user.

  • White box

    Tests carried out with in-depth knowledge of the environment (architecture diagrams, source code, documentation, etc.).

The different audits

The tests are carried out manually by our experts, taking into account the business risks and the business logic specific to each application or environment. Our teams can work in any environment that can be attacked:

  • Web apps and APIs

    Application penetration testing aims to detect and demonstrate exploitable security flaws in web applications and APIs.

  • Mobile app

    We carry out manual penetration tests on mobile applications developed for Apple iOS or Google Android, as well as on the back-end infrastructure they rely on.

  • Internal networks / LAN

    Connected to your LAN, and simulating the behaviour of an intern or a malicious employee, we look for flaws that allow access to confidential information and the acquisition of administrative privileges over the information system.

  • Cloud environment

    A review of the configuration and placement of the components making up the target infrastructure, in order to qualify the level of protection and availability of the services and resources provided.

  • Physical Intrusion / Redteam

    The objective of Red Team tests is to reproduce as closely as possible the activity of a professional attacker targeting your information system, using every available method (logical, physical and social) to reach your internal network and your most critical data.

  • SAP-Infrastructure

    These critical infrastructures may suffer from specific vulnerabilities affecting every layer (clients/servers, network, database and application) of your ERP. We carry out an in-depth test that puts each finding into perspective against the business risks.

  • PCI-DSS infrastructure

    As part of the fifty certifications it supports every year, XMCO carries out penetration and segmentation tests against each customer's certification scope. Working alongside a QSA, the team in charge of the project puts the risks of card data theft into perspective and maps each vulnerability to the requirements of the standard.

  • External infrastructure

    The objective is to identify the vulnerabilities, exploitable from the Internet by a malicious person, that affect the assets within the audited perimeter.

  • Wi-Fi

    This involves identifying exploitable vulnerabilities in the Wi-Fi infrastructure that would allow an attacker to reach the internal network (segmentation bypass, network takeover).