Its goal is to simulate a possible attack and determine how deep an attacker can penetrate the system, and how much damage can be caused to a business.
Through this, we can identify existing vulnerabilities and assess the current information security risks.
We test two scenarios: external penetration (when the access rights to the application are not available), and internal actions of company employees who have access rights.
Testing is based on the OWASP Web Security Testing Guide and Penetration Testing Execution Standard and includes five main stages.