Fill out the form, and we’ll follow up via email to discuss your specific requirements. Based on your needs, we’ll prepare a personalized penetration testing quote for your review.
Proven approach, actionable guidelines
Move beyond superficial scanner-generated reports. With our grey-box testing and advanced security methodology, we uncover hidden threats and provide clear advice for minimizing the risk.
Automated & Manual
Automated: Vulnerability scanners provide a useful overview of the target system, allowing us to focus on the crucial features.
Manual: An experienced team of product builders and testers knows exactly where to check for cracks that automated tests may miss.
Have more questions about our pen testing process?
Here is what business execs said about our penetration testing services.
“The Infinum team impressed us with their professionalism. It was refreshing to work with an external team that understands the technical aspects of our product. We’re delighted that we’ve found a reliable partner to enhance our organization’s security posture.”
NIVES BUČIĆ PETRUŠIĆ HEAD OF ENGINEERING, SYSKIT
“Infinum experts conducted a detailed analysis and identified weaknesses we couldn’t find through regular security testing. A valuable partnership for any technology-driven organization!”
GORAN RAMADANOVIĆ CTO, LEGIT
“The Infinum team has consistently demonstrated professionalism and friendliness. Their clear communication throughout the pen test process and in presenting the results has been invaluable in strengthening our platform’s security. We highly value their expertise and look forward to continuing our collaboration with them.”
NENAD FILIPOVIĆ VP OF ENGINEERING, GIS CLOUD
“The team at Infinum guided us through the entire process. By delving into the business logic, they managed to understand those areas that were of the highest importance to our customers.”
JAN VARLJEN CTO, PRODUCTIVE
“Throughout the penetration testing process, the team was incredibly thorough and professional. They identified a number of vulnerabilities that we were not aware of and provided us with clear, actionable recommendations for addressing them.”
IVAN PADAVIĆ CTO, RENTLIO
FAQ
If you have a question we haven’t covered here, drop us a line in the contact form.
The first thing we do is assess your needs and system, determine the testing scope, and agree on a timeline. Afterward, you prepare the test environment and documentation, and the testing can start. You can contact us via the contact form, and we will take you through the entire process in more detail.
The duration, of course, depends on the scope of the test itself. For reference, testing a web app and an API usually takes 10-15 working days.
Once the pen test is complete, we will provide you with a full technical test report. To ensure clarity, we present all the findings and remediation steps to your team. Our offer also includes a free retest and an updated test report if you fix the issues within three months.
We also recommend signing up for recurring pen testing. Regular security checks ensure you verify product security during all crucial milestones.
Yes, we will provide an executive summary of the penetration test. That document does not uncover the technical details of the penetration test, so you can send it to your customers or use it for various compliance purposes.
Various security standards like PCI DSS, HIPAA, or SOC 2 require or recommend regular pen testing, as it’s essential to identify and manage security risks. Our pen testing services are customized to your priorities, so tell us about your security objectives, and let us help you achieve them.
Alongside custom scripts, we use industry-standard tools like Burp Suite, Amass, OWASP ZAP, Nikto, Nuclei, and sqlmap. Our methodology builds upon OWASP WSTG, PTES, and OSSTMM, as well as our experience with software security and development.
Our test suite is tailored to uncover your business’ issues at all levels. Therefore, it includes testing for:
– Broken object level authorization (BOLA)
– Broken function level authorization (BFLA)
– Broken object property level authorization (BOPLA)
– Broken authentication
– Broken access control
– SQL and XXE injection
– Cross-site scripting (XSS)
– Cross-site request forgery (CSRF)
– Session hijacking
– Server-side request forgery (SSRF)
– Business logic and data validation
– Function usage limits and denial of service (DoS)
– Cryptographic failures
– Security misconfiguration
– Outdated components, and various others.
Automated tools usually discover common issues but can’t adapt to your product needs. This means they won’t find problems deep within your system and business logic. We recommend partnering with an agency that practices a thorough approach to testing and test suite adjustment.