Achieve the highest possible level of security through

Penetration tests

Test your IT systems and your IT environment with an external penetration test (pentest). Through review and evaluation of your systems, we ensure that you have sufficient resilience to protect yourself against internal and external threats.

Avoid vulnerabilities in the web applications you use

Testing of web applications

Known vulnerabilities in web applications are usually the easiest way in for an attacker. New vulnerabilities in frameworks, application servers and software for code storage are discovered all the time, through Basalt’s penetration tests (pentests) of your applications you get a good picture of what the vulnerabilities are and depending on how extensive the test is you get recommendations for possible measures.

We find vulnerabilities in frameworks, application servers and software
Manual testing can discover vulnerabilities that automated tools would not find due to application differences in implementation
With access to source code during the penetration test, we can make the most accurate analysis possible

Base

Standard

Advanced

Vulnerability scanning

Using standard tools, we collect data to find known vulnerabilities

Base
✓

Standard
✓

Advanced
✓

Validation

Validation of potential detections to exclude false positives

Standard
✓

Advanced
✓

Basic report

Automatic standard report

Base
✓

Manual testing

Manual testing of the client's business logic. This includes detections of potential misconfigurations and can mean that data with sensitive information that would not be detected by an automatic scanning tool is found.

Standard
✓

Advanced
✓

Source code review

Some vulnerabilities are almost impossible to discover or exploit without access to the source code. However, there are many ways that the source code can be exposed without the fault of the application developers. New vulnerabilities in frameworks, application servers, and code storage software are published frequently, often with working exploits.

Advanced
✓

Manual report

After the penetration test, a full report will be written with potential vulnerabilities discovered during the assessment as well as failed attempts that show some of the company's strengths and weaknesses. Probability and impact are assessed as low, medium or high, while the overall classification consists of the levels low, medium, high and critical.

Standard
✓

Advanced
✓

We look for vulnerabilities in the client environment

Penetration testing of infrastructure

If an attacker takes over a company’s infrastructure, such as switches, firewalls and servers, things can go very bad, very quickly. In our pentests, we simulate real attack techniques that are used to find security vulnerabilities in your systems.

We do both simpler tests that give you an overview of the vulnerabilities in an automated report, to more advanced tests where we grade the discoveries into low, medium and high depending on how big an impact they can have on your business.

Information gathering about which systems and services are exposed that can potentially be exploited by a threat actor
All observations are classified according to their estimated significance based on likelihood of discovery and exploitation along with business impact
Complete post-test report of potential vulnerabilities discovered during the assessment, showing some of the company's strengths and weaknesses

Base

Standard

Advanced

Vulnerability scanning

Automatic scanning of known vulnerabilities in the client environment. All components and devices connected to the client's network, including switches, servers, printers, clients, routers, IoT and OT equipment.

Base
✓

Standard
✓

Advanced
✓

Basic report

An automated report will be delivered where general recommendations are presented.

Base
✓

Validation

Validation of potential detections to exclude false positives.

Standard
✓

Advanced
✓

Manual testing

The goal of penetration testing is to identify vulnerabilities in an environment by simulating real attack techniques. These follow the basic pattern of target discovery, vulnerability identification and exploitation. Basalt's penetration tests focus more on chaining together vulnerabilities to eventually gain access to critical data or target systems.

Standard
✓

Advanced
✓

Manual report

After the penetration test, a full report will be written with potential vulnerabilities discovered during the assessment and failed attempts that show some of the company's strengths and weaknesses. All observations are classified according to their estimated significance based on probability of discovery and exploitation along with technical impact to the business.

Standard
✓

Advanced
✓

Purple team

In a Purple team, Basalt's experts take on the role of Red team and work together with the customer's Blue team, with the intention of providing a stronger, deeper understanding of the unknown activity.

Advanced
✓

Red team

Basalt's Red team goes a step further and adds, for example, physical penetration testing or social engineering to the tests. A Red team tests the organization's detection capabilities in a realistic attack attempt.

Advanced
✓

What vulnerabilities are actually found in the mobile phone?

Mobile test

When we pentest mobile phones, we go through several aspects to look for weaknesses and vulnerabilities, usually this means reviewing the configuration of security settings and examining installed software.

During the testing, we look for several types of vulnerabilities and review code in self-developed applications. When vulnerabilities are discovered, these are tested to validate security.

Identify vulnerabilities and weaknesses in mobile devices
Ensure that applications can withstand a potential cyber attack
Get recommendations for improved security throughout your organization

Physical penetration tests

A physical penetration tester is physically present at the location where the test is to be performed, usually in connection with the customer’s premises. This type of testing is often used to simulate a realistic intrusion attempt to test both personnel and the safeguards in place. After a successful breach, the physical penetration tester continues to compromise systems and networks to see if he can collect sensitive data.

Tests that put your routines and existing systems to the test
Prevent sensitive information from being accessed by an attacker who enters the premises
Our physical pentesters document and report all deficiencies in a consolidated report

Test the resilience of the organization

Social engineering

Our social engineering experts conduct tests to investigate the resilience of employed personnel. This is carried out, among other things, with phishing campaigns, which involve tailored e-mail messages or phone calls to the organization. Social engineering can also be used in combination with physical penetration testing, that is, physical intrusions into premises and facilities.

The human factor and the lack of routines and knowledge among the employees is a weakness that an attacker likes to exploit to gain unauthorized access to the business.

Realistic tests to see if the organization has enough resilience
Scenario-based tests with high tact so as not to damage the trust of employees
Full report after completed activities with what deficiencies we found and our experts' recommendations

OT (Operational Technology)

An attacker may try to gain access to OT equipment such as industrial machines, control systems and various types of instruments. Due to the complexity of supply chains and the size of installed systems, security is often forgotten, even though many of these systems often protect vital operations.

In OT testing, we review communication protocols to investigate inaccuracies in configurations or logic for various critical functions that may affect operation. We also examine the infrastructure to see if the systems are sufficiently isolated.

We test your OT systems and make sure they are properly protected
Our tests reduce the risk of a cyber attack by simulating attacks from threat actors
Make sure to protect the business, the employees and society

5 tips to protect your systems against an attack

Download our guide

Make it harder for an attacker to succeed in their attack. Download our free guide with 5 concrete tips on how to protect your business against attacks.

I want the tips!

Get tips and inspiration from Basalt
Subscribe to our newsletter
E-mail

Invalid field

Jag vill få relevant information från Basalt AB till min inkorg. Basalt AB ska inte dela eller sälja min personliga information. Läs vår integritetspolicy här
Jag kan när som helst avsluta prenumerationen.

Required field

Stay one step ahead.

Let Basalt be responsible for your operational protection.
Contact us and we will guide you right!

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_756JKDQ1KE	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_55739322_1	1 minute	Set by Google to distinguish users.
_gat_UA-55739322-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
nQ_cookieId	1 year	Albacross sets this cookie to help identify companies for better lead generation and more effective ad targeting.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_hjSession_2668272	30 minutes	No description
_hjSessionUser_2668272	1 year	No description
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
nQ_userVisitId	30 minutes	No description available.