FREQUENTLY ASKED QUESTIONS

Why Block8.ai Penetration Testing
___

    • CREST Certified

    • AI Powered, Triple Human Validation

    • Speed, Efficiency and Accuracy

    • Cost-Effective and Affordable Testing, Anytime

    • Scalability and Adaptability to New Threats

    • Faster, Smarter and Simpler

    • Self-Serve Engagement and Delivery

  • A controlled attack on a computer system, network or application to identify security vulnerabilities that threat actors might exploit.

  • A penetration test provides you with confidence in your security posture. Without conducting penetration testing, organisations do not know where the weaknesses are that a threat actor may attempt to exploit.

    • External penetration tests target the Internet-facing technologies of an organisation. These parts of the organisation could be accessed by anyone, anywhere in the world, with an Internet connection.

    • Web application penetration tests target the applications or websites that your organisation uses to interact with clients and members of the public. This test looks for vulnerabilities that could be exploited by threat actors or by the staff managing the application.

    • Internal penetration tests target weaknesses within your internal networks and systems that could be exploited by a rogue contractor or staff member with access to a network port within the inner portions of the organisation's networks or systems.

    • White Box: Authenticated testing with full documentation of the network/application. You will provide Block8.ai with an account for an internal service and full documentation of your application or network so Block8.ai can specifically target high-value assets first.

    • Grey Box: Authenticated testing with no documentation. You will provide Block8.ai with a basic user account as part of scoping and no additional detail about your application, network or services. Block8.ai will use the provided account to attempt actions like privilege escalation and exfiltration of sensitive data.

    • Black Box: Unauthenticated testing. This best emulates the starting point of a bad actor trying to access your network or application.

  • Web application penetration testing should be conducted at the following times:

    • Before first going live with an internet-facing system.

    • After major changes occur to the externally facing components of the organisation's technology.

    • Following an actual or suspected incident involving the organisation's internet-facing technologies.

    • Following changes to the externally facing technology.

    • To meet compliance requirements.

  • Penetration testing should be conducted twice yearly as a minimum.

  • Artificial Intelligence (AI): Human intelligence simulated by software-coded activity, enabling machines to perform tasks that typically require human cognition.

  • The use of humans always includes the potential for error. AI penetration tests reduce this potential by using humans for the validation function after the AI component. Human and AI penetration tests follow the same basic principles and processes.

    • Planning and reconnaissance.

    • Scan for vulnerabilities.

    • Vulnerabilities are safely exploited.

    • Recommendations are developed.

    • Report is generated and communicated.

  • Block8.ai penetration testing provides comprehensive penetration test reporting that is designed to provide you with all the information that you need to act on our findings and secure your systems and networks. Reports include as a minimum:

    • An executive summary suitable for distribution to non-technical management.

    • Details of key findings of the test.

    • Detailed remediation advice empowering you to secure your systems and networks.

  • Block8.ai aims to give you every opportunity to come out with a clear test result. To this end, we offer free re-tests of all vulnerabilities within 60 days of the original test. This gives you the time to remediate the vulnerabilities identified, following the recommendations provided by Block8.ai, and provides a clear test with a certificate to provide to clients.

