Penetration testing

Protect your assets and data. Get full visibility into your security vulnerabilities so that you can address weaknesses and feel confident in your data protection and security systems.
Book a pen test today

Don’t just assume your IT environment is safe—see it for yourself

Penetration testing is an effective way to find and fix vulnerabilities in your cybersecurity defence. By simulating an attack, you can see exactly how your IT environment and your team would hold up in a real attack.

If there’s a way into your network, we’ll find it

We use multiple toolsets to test your team as well as your external, internal and wireless environments, and provide detailed reports of our findings to help you develop a comprehensive security strategy. 

Testing scenarios include red team and purple team exercises to test:   

  • Web applications 
  • Application programming interfaces (APIs)
  • Internal and external infrastructure
  • Mobile apps
  • Internet of things (IoT) devices 
Download the brochure

Our pentesting services

Our testing methodology—using black box and grey box testing—is based on the Penetration Testing Execution Standard (PTES)—a set of guidelines and best practices designed to govern the process of conducting a penetration test. It outlines the key stages and methodologies that should be followed to ensure a consistent, high-quality and ethical approach to pentesting.

Pen testing and assessments for web applications identify security weaknesses such as: 

  • Broken access control 
  • Cryptographic failures 
  • Injection 
  • Insecure design 
  • Security misconfiguration 
  • Vulnerable and outdated components 
  • Identification and authentication failures 
  • Software and data integrity failures 
  • Security logging and monitoring failures 
  • Server-side request forgery (SSRF)
Pentesting and assessments for APIs identify security vulnerabilities such as:   

  • Broken object level authorization
  • Broken authentication
  • Broken object property level authorization
  • Unrestricted resource consumption
  • Broken function level authorization
  • Unrestricted access to sensitive business flows
  • Server-side request forgery 
  • Security misconfiguration
  • Improper inventory management 
  • Unsafe consumption of APIs
We assess and test external-facing networks and host infrastructure, including assets such as VPN, FW, routers, DNS, DMZ and virtual or physical hosts. 

Assessments and pentesting focus on the following elements: 

  • Vulnerability scanning to understand the exposed services and tools, such as Nessus, Nexpose and NMAP 
  • Internet footprinting using techniques such as WHOIS, ARIN, Traceroute, NSLookup 
  • Identification of exposed ports and vulnerable services which can be exploited 
  • Determination of default and guest passwords or where weak password controls are followed 
  • Discovery of host misconfiguration and file system exposure 
Assessments and pentesting focus on the following elements: 

  • Vulnerability scanning to understand the exposed services, tools such as Nessus, Nexpose and NMAP 
  • Discovery of hosts which are part of the subnet but not identified by the client 
  • Identification of ports and vulnerable services which can be exploited on the network 
  • Determination of the patch level of each host and network device to gain an understanding of which ones are exploitable 
  • Determination of default and guest passwords or where weak password controls are followed 
  • Discovery of host misconfiguration and file system exposure 
  • Uncovering of user and group permission misconfiguration 
  • Elevation of privileges to gain high-privilege access to endpoints, either external or internal 
Asessment and pentesting for mobile apps on both Android and iOS devices focuses on: 

  • End-to-end encryption of data-in-transit that cannot be disabled by an end user
  • Sandboxing to separate and restrict the capabilities and permissions of workspace apps that run on the device
  • Policy controls for authentication, secure boot, application whitelisting, malicious code detection and prevention, device update and security event collection
  • Network security configuration review to understand if services are protected 
  • Protection against man-in-the-middle attacks and protection of components against modification and backup
  • Insecure connections with SQLite or Firebase databases 
  • Black/grey box penetration testing 

  • Planning and reconnaissance

    Identifying the scope of a test, as well as the systems to be addressed and the testing methods to be used.

  • Analysis

    Compiling the results of the penetration test into a report detailing vulnerabilities, sensitive data that was accessed, and the amount of time the threat remained in the system undetected.

  • Scanning

    Inspecting an application’s code to estimate the way it behaves while running. It is followed by inspecting an application’s code in a running state.

  • Gaining access

    Using attacks such as cross-site scripting, SQL injection and backdoors to uncover a target's vulnerabilities.

Reach out to our security experts to help protect your assets and data.

Book a call
Case Study

University Health Network: Streamline security, reduce staffing costs and protect patient data

UHN determined that Calian was its best ally in implementing a security system that could work seamlessly and effectively across its multi-site organization.

Read the case study
Those in cybersecurity know that incidences nearly always occur over the weekend or in the middle of the night, so it has given us a level of comfort in knowing we have 24-hour monitoring of our systems. Kashif Parvais, CISO, UHN

Calian cyber security solutions

Leading-edge threat modelling techniques

Combining state-of-the-art technologies, methodologies, and practices in order to detect, analyze, and mitigate potential threats in real-time.

Dark web monitoring

Scanning the hidden parts of the internet to detect and alert individuals or businesses about their exposed or stolen data.

Threat intelligence

Collecting, analyzing, and using information about potential security threats to inform and enhance an organization's defense strategies

Advanced correlation and uses cases

Sophisticated data analysis techniques to identify patterns and relationships, enabling better decision-making and customized solutions.

Machine learning and analytics

Harnessing algorithms and data to identify patterns and derive insights, optimizing decision-making processes automatically.

Cyber consultants

Providing expert guidance to organizations on protecting their digital assets, infrastructure, and data from cyber threats.

Training and preparedness

Equipping individuals and organizations with the knowledge, skills, and strategies to prevent, detect, and respond to cyber threats

Modernize and secure your IT infrastructure

Speak to an expert to empower your organization’s success in the digital realm.

Calian's global operations

With four security operations centres globally, Calian provides support around the clock, from day to night, enhancing global security capabilities.

Speak with a specialist today

Current ITCS delivery areas

Regions coming soon

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.