Penetration Testing

Penetration Testing

Tensecure provides top-class Penetration testing that mimics an approach from an attacker’s side, under controlled circumstances. We, at Tensecure provide exceptional security services and a well documented response for our clients. Our goal is to assure organisations that they are safe in a world full of security breaches, with assistance from our skilled group of security professionals and researchers.

Our Approach

Reconnaissance & Profiling

Network Mapping, Banner grabbing, fingerprinting, Service and protocol Discovery.

Security Testing Assessment

Automated scanning by enterprise class tool. Manual testing by our penetration testers & researchers.

Vulnerability Exploitation ​

Safely simulate attack scenarios with agreed rules of engagement.

Complete Reporting of Vulnerabilities

Identified Security vulnerabilities are reported with appropriate recommendation or mitigation measures.


Post remediation, re-validation is performed to validate the patch and closure of vulnerabilities.

Application Security Assessment

Tensecure follows a strict methodology when conducting an Application Security Assessment. This ensures that a structured process is followed and provides the client with a baseline against which the quality of the assessment can be measured.

Our methodology takes into consideration industry-wide statistic projects looking at the most vulnerable areas of application deployments, including the OWASP Top 10 and the SANS Top 25 Most Dangerous Software Errors.

• Profiling of the target application is performed to understand the core security mechanisms and functionalities employed by the application, interfaces to external or internal applications.

• Run automated scans (i.e. commercial and open-source) to identify application specific vulnerabilities covering all OWASP, WASC and SANS references.

• Complete Manual security testing is performed using various sources  and techniques to identify vulnerabilities such as business logic flaws, broken access controls and more that were missed during automated scans.

• All exploitable security vulnerabilities in the target application are reported based on CVSS v3 score. The identified security vulnerabilities are assessed thoroughly and reported along with appropriate recommendation or mitigation measures.

• Assist the client throughout the remediation process and perform re-validation to verify the effectiveness of the application security countermeasures used to mitigate the reported security vulnerabilities.

Network & Infrastructure

During Network Penetration testing, we discover all Internet-facing assets a hacker could identify as potential entry points into your network and then attempt to breach your network perimeter by identifying the weakness in servers and network devices. We then study within the perimeter to identify additional methods for compromising your network’s defenses.

Our team of OSCP certified professionals applies their skills to determine the vulnerabilities and safely simulate the exploitation in a professional and safe manner.

Mobile Security Assessment

Mobile application assessments, are similar in process to those of application assessments, and include a number of mobile-specific tests. They are broken down into two key areas:

1. Static Analysis- Analyzing raw mobile source code, decompiled or disassembled code.

2. Dynamic Analysis- Executing an application either on the device itself or within a simulator/emulator and interacting with the remote services with which the application communicates.

Our Process

Phase I

  • Discovery and Information gathering.

  • Identify running services and open ports.

  • Create a mind map to list all the open ports and running services.

Phase 2

  • Run Automated scans to identify vulnerabilities .        

  • Check for mis-configured services which can lead to security attacks.

Phase 3

  • Manually simulate every possible attack scenario.

  • Exploit the identified vulnerabilities in a controlled and safe manner.

Phase 4

  • Verify the results and perform impact assessment. 

  • Report the vulnerabilities with appropriate recommendation or mitigation measures.

Phase 5

  • Assist the client throughout the remediation process and perform re-assessment to verify the effectiveness of security patch. 

  • Release the final assessment and security posture report .

  • Phase I
  • Phase 2
  • Phase 3
  • Phase 4
  • Phase 5