What is penetration testing ?
Penetration Testing is the method to assess the security of an application or network by safely exploiting any security vulnerabilities present in the system.
Web App Pentest
Scrut uses open web application security project (OWASP) and application security verification standard (ASVS) to create a framework for assessing web apps security. Scrut's pentesters also test business security logic such as weaknesses in data validation or integrity checks to find flaws in the application.
Scrut tests all web-based APIs, REST APIs and mobile APIs to analyse the target APIs to check their authentication type, API structures, understand request methods and responses, roles and exploit bugs.
Mobile App Pentest
Scrut tests applications that are hosted on iOS, Android and windows. Using OWASP and other methodologies, Scrut pentesters examine all the vulnerabilities to assess the application security.
Scrut follows Open Source Security Testing Methodology Manual (OSSTMM) to carry out network testing to test the security of elements that can attack from the outside of the company (IPs, servers) or the inside (servers, workstations, network devices).
Scrut pentesters assess the strengths and weaknesses of a cloud system to check and improve its overall security posture. It helps identify risks, vulnerabilities and gaps to provide best practices to maintain visibility.