Vulnerability Assessment and Penetration Testing
Free Vulnerability Assessment and Penetration Testing
Check your company's defenses through the eyes of an attacker with our free HACKR vulnerability scanner. Our HACKR service safely reveals the most critical gaps without any obligations, before cybercriminals find them.
What do we offer?
With our Vulnerability Assessment and Penetration Testing services, we identify and remediate vulnerabilities in your systems, services, and software that cybercriminals could use to cause damage beyond your current imagination.
What is included in the service?
A comprehensive assessment based on international methodologies, a detailed report with remediation recommendations, assistance in patching, re-testing, and related consultancy – both now and in the future.
Why choose us?
We believe that our assessments, consultancy, and support should provide the maximum benefit to our clients. As our partner, you will profit from our years of experience in cybersecurity audits and compliance frameworks.
What is Vulnerability Assessment and Penetration Testing?
The goal of vulnerability assessment is to identify and remediate vulnerabilities in systems operated and defined by organizations, thereby reducing the probability of a successful targeted attack or mass automated hacker campaign.
| Method | Vulnerability Assessment | Penetration Test |
|---|---|---|
| Vulnerabilities… | Identification | Identification + Impact Assessment |
| Origin | External / Internal Network | External / Internal Network |
| Depth | black‑ / gray‑ / white‑box | black‑ / gray‑ / white‑box |
The essential difference between a vulnerability assessment and a penetration test is that while the former stops at identifying vulnerabilities, the latter includes the practical testing and validation of discovered flaws, determining the type and extent of potential damage.
General Types of Assessments
Black-box
During a black-box assessment, we only use the resources available to an external, remote attacker: publicly accessible interfaces, registration forms, forgotten test pages, and information indexed by search engines.
Recommended: If the system does not have an entry interface requiring strong authentication for users or admins.
Gray-box
In a gray-box assessment, we utilize client and admin-side information, technical details, and documentation, accessing the system's connection points and interfaces according to the client's needs.
Recommended: If the system defines more than one privilege level or if account creation requires human identification.
White-box
In a white-box assessment, we use not only client and admin-side information but also the client's detailed system description, including the underlying infrastructure, frameworks used, source code, and configuration files.
Recommended: If the system is highly sensitive or handles business-critical data.
Static Application Security Testing (SAST)
Security analysis of software source code or binaries without active execution. This strategy only identifies vulnerabilities evident from the code or binary file itself.
Recommended: When looking for security flaws in software programming and configuration.
Dynamic Application Security Testing (DAST)
This strategy identifies vulnerabilities that emerge during active operation and usage. It may not always be suitable for identifying deep-layer or source-code-level flaws.
Recommended: When you want to identify live attack surfaces as an external attacker.
Interactive Application Security Testing (IAST)
Combines characteristics of static and dynamic testing. In a sophisticated, targeted attack, prepared attackers also use tactics aligned with this strategy to discover exploitable vulnerabilities.
Recommended: When a full security review of the software is needed from both external and internal perspectives.
Assessment Parameters
| Quantity | Method | Methodology | Depth | Technique | Origin | Intensity | Approach | Scope |
|---|---|---|---|---|---|---|---|---|
| Hosts | Vulnerability Assessment | OWASP WSTG | Black-box | Network | Internal Network | Passive | Overt | Focused |
| Services | Penetration Test | OWASP ASVS | Gray-box | OS | External Network | Cautious | Covert | Limited |
| Features | OWASP MASTG | White-box | Application | On-site | Calculated | Full | ||
| Roles | OWASP MASVS | Wireless | Source Code | Aggressive | ||||
| MITRE ATT&CK | Physical | |||||||
| PTES | Social engineering | |||||||
| Other |
Network and Web Vulnerability Assessment & Pentest
- From the Internet and on internal networks, including via VPN
- Black-box, gray-box, and white-box depths
- Network discovery and open port analysis
- Defining assessment strategy based on identified services
- OWASP Web Security Testing Guide (WSTG) methodology
- Verification of compliance with OWASP Application Security Verification Standard (ASVS)
- Practical testing and impact assessment of identified vulnerabilities (optional)
- Detailed assessment report with remediation recommendations and active support
- Re-testing of implemented fixes within 16 weeks following the assessment
Mobile App Vulnerability Assessment
- Assessment of store-ready APK and IPA packages
- Assessment of APK and IPA packages without obfuscation, root detection, and certificate pinning
- Mobile app source code analysis
- OWASP Mobile Application Security Testing Guide (MASTG) methodology
- Verification of compliance with OWASP Mobile Application Security Verification Standard (MASVS)
- Support for Kotlin, Swift, Flutter, Xamarin, React, etc.
- Vulnerability assessment and pentest of Backend APIs
- Detailed assessment report with remediation recommendations and active support
- Re-testing of implemented fixes within 16 weeks following the assessment
OS-level Security Audit, Hardening Check on Windows and Linux
- Based on CIS Benchmark and MITRE ATT&CK
- Using automated CIS hardening commands
- System-level vulnerability assessment, OS audit
- On Windows, Linux, OS/400 and other operating systems
- Verification of security solution operations
- Audit of account privileges
- Audit of network connections
- Audit of encryption solutions (Bitlocker, LVM, LUKS)
- Update/Patch management check
- Audit of installed software and comparison with software inventory
- Identification of operational deficiencies
- Detailed assessment report with remediation recommendations and active support
- Re-testing of implemented fixes within 16 weeks following the assessment
Hardware Vulnerability Assessment
- Testing casing tamper resistance
- Mapping cabling, power interruption, and restoration
- Testing key combinations
- Tamper-proofing of the physical environment
- Searching for and testing accessible ports
- Seismic tests
- Alarm system testing
- Monitoring and manipulation of communication channels
- Searching for and auditing storage media and drives
- Testing firmware and software anti-tamper protections
- Audit of access logs and event handling
- Audit of access rights and authentication mechanisms
AI/LLM System-level and Prompt Security Vulnerability Assessment & Pentest
- From the Internet and on internal networks, including via VPN
- Black-box, gray-box, and white-box depths
- Network discovery and open interface analysis
- Defining assessment strategy based on identified AI/LLM services
- Compliance verification based on NIST AI 100-1 and NIST AI 100-2e2025 guidelines
- Application of OWASP – LLM Applications Cybersecurity and Governance Checklist
- Risk assessment according to OWASP Top 10 for LLM Applications (e.g., prompt injection, model leakage, training data poisoning, adversarial input)
- Review of security and governance controls according to OWASP – AI Exchange methodology
- Practical testing and impact assessment of identified vulnerabilities (optional)
- Detailed assessment report with remediation recommendations and active support
- Re-testing of implemented fixes within 16 weeks following the assessment
Physical Penetration Testing for Headquarters and Sites
- At (own) sites defined by the Client
- Within pre-approved frameworks defined by the Client
- Black-box or gray-box methods
- Based on international social engineering, phishing, and human exploitation recommendations
- 1-3 days on-site assessment
- Open Source Intelligence (OSINT)
- Social Media Intelligence (SOCMINT) of employees
- Site mapping via drone
- Testing of token/card-based access control
- Audit of doors and locks
- CCTV and surveillance system audit
- Tailgating tests
- Audit of office access control systems
- Testing for the use of unknown devices (Rogue devices)
- Verification of document and information material protection
- Security audit of lock screens and workstations
- Verification of personal and credential data protection
- Testing of entry possibilities via job interviews
- Testing of entry possibilities via maintenance roles
- Impersonation
- Use of fake help-desk emails
- Visual recording (photo/video) of evidence
- Assessment report in Hungarian/English with remediation recommendations
Other Vulnerability Assessment Services
- Vulnerability Assessment and Pentest according to DORA (TLPT)
- Cybersecurity Audit of Medical Devices and Healthcare Systems
- DevSecOps – Cybersecurity Oversight and Support for Software and Services
- Simplified Vulnerability Assessment (WordPress, Joomla, Drupal, PrestaShop, etc.)
- Red Teaming, Threat-Led Penetration Testing (TLPT) Services
- Cloud (AWS, Azure) Vulnerability Assessment and Penetration Testing
- Firmware Vulnerability Assessment
- Identification of backdoors in compromised websites or systems
- Review of automated vulnerability assessment reports
- Source Code Review
- Outsourced Vulnerability Management Services
Vulnerability Assessment Processes
Consultation and Engagement
(Pre-engagement Interactions)
During the free consultation, the type, depth, scope, timeframe (all parameters), and subsequent pricing of the assessment(s) are defined.
The scope, precise timeframe, and price of the selected assessment(s) are recorded in the service agreement. We guarantee the security of data and results with Non-Disclosure (NDA) and non-threat declarations, while the Client provides legal consent for the operation.
Reconnaissance
(Information Gathering)
We design the testing strategy based on the functionality of the servers and other network endpoints within the scope defined by the Client.
Strategy Planning
(Threat Modeling)
Before commencing the assessment, we map the in-scope servers and their open ports to ensure we do not place unnecessary load on the production infrastructure and to maintain continuous availability.
Vulnerability Analysis
We perform the assessment on the selected servers using automated and manual tools, following the methodologies specified in the contract.
Penetration Testing
Using automated and manual tools as defined in the contract, we verify the practical exploitability and impact of potential vulnerabilities identified during the vulnerability assessment, followed by appropriate risk weighting.
Reporting
In a comprehensive executive and technical report (available in Hungarian and/or English), we explain the type of discovered vulnerabilities (CVE, CWE, OWASP, MITRE ATT&CK), their exploitability (CVSS, EPSS), exact location, and remediation steps. The report is supplemented by log files generated during the assessment to verify the conditions of our work.
If the assessment report includes vulnerabilities that require further consultation for remediation, we supplement the Client's remediation plan through joint coordination.
Remediation Testing
After the discovered vulnerabilities have been patched, we verify the success and effectiveness of the fixes.
Final Audit Report and Consultation
The results of the remediation testing are presented in detail to the Client in a final report. If further consultation is required, we jointly develop the next steps.
Vulnerability Assessment Methodologies and Recommendations
Assessments performed by the experts of Makay Cybersecurity Ltd. can be carried out in accordance with or based on the following methodologies, recommendations, and compliance frameworks:
- Web Security Testing Guide – OWASP WSTG
- Mobile Application Security Testing Guide – OWASP MASTG (formerly MSTG)
- Application Security Verification Standard – OWASP ASVS
- Mobile Application Security Verification Standard – OWASP MASVS
- Cloud Application Security Assessment – CASA Tier 2
- Google Mobile Application Security Assessment – MASA
- Technical Guide to Information Security Testing and Assessment – NIST SP 800-115
- Artificial intelligence management system – ISO/IEC 42001:2023
- MITRE ATT&CK knowledge base
- Artificial Intelligence Risk Management Framework – NIST AI 100-1
- Adversarial Machine Learning - A Taxonomy and Terminology of Attacks and Mitigations – NIST AI 100-2e2025
- OWASP – AI Exchange
- OWASP Top 10 for Large Language Model Applications
- OWASP – LLM Applications Cybersecurity and Governance Checklist v1.1
- The Penetration Testing Execution Standard – PTES
- CIS Benchmarks – CIS
- Open Source Security Testing Methodology Manual – OSSTMM
- Information Systems Security Assessment Framework – ISSAF
- B.A.S.E – A Security Assessment Methodology – SANS
- Penetration Testing Guidance – PCI DSS
- The Vulnerability Assessment & Mitigation Methodology – RAND
- Penetration Test Guidance – FedRAMP
- MSZ ISO/IEC 15408 – Hungarian Standards Institution
- TISAX (Trusted Information Security Assessment Exchange) – VDA Information Security Assessment
Why is Regular Auditing Important?
- Increased Exposure to Attacks: Threat actors now launch indiscriminate attacks against everyone using automated tools and online vulnerability databases.
- Legal and Regulatory Compliance (NIS2, GDPR, MNB Recommendation 8/2020, etc.): Data protection is critical for organizations, not just for reputation but also for legal compliance.
- Aging and Vulnerable Software: Software can become vulnerable over time even if no changes are made to the code.
- General Changes: Development, configuration, and structural changes—and even security patches—can introduce new vulnerabilities.
Regardless of the industry, cybersecurity experts generally recommend at least annual assessments. For environments handling large volumes of sensitive data or those with frequent infrastructure and software changes, even more frequent testing is advised.
Common Vulnerability Types and Remediation
Broken Object Level Authorization
An authorization flaw that allows an attacker to access data or objects belonging to other users. Risk: Can lead to data breaches, account takeover, and compromise of business-critical data.
Cross-site scripting (XSS)
An attacker injects malicious JavaScript code into the affected website, which then executes in the user's browser. Risk: Theft of cookies, session tokens, or personal data, and performing actions on behalf of the user.
SQL (database) injection
This vulnerability allows an attacker to inject SQL commands into the database by manipulating input fields. Risk: Full database access, data manipulation, data leakage, and total system compromise.
OS version leak
Leakage of the operating system version, providing attackers with information about the weak points of the running platform. Risk: Attackers can more easily select targeted exploits for the specific version in use.
Software version leak
Exposure of software component version numbers, allowing attackers to identify vulnerable or outdated modules. Risk: Application of precise exploits increases the chance of successful intrusion.
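A check for the two version-leak findings above, as an added example that is not part of the original page: it scans the HTTP response headers of your own service for product version numbers and OS names, and pairs known products with the setting that suppresses the banner. The `audit_headers` function, the patterns, the header list and the sample responses are constructed for illustration.

```python
import re

# Response headers that commonly carry product banners.
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}

# Matches "Apache/2.4.41" or a bare dotted version such as "4.0.30319".
VERSION_RE = re.compile(r"(?:(?P<product>[A-Za-z][\w.+-]*)/)?(?P<version>\d+(?:\.\d+)+)")
# OS and distribution names that appear in banners, e.g. "(Ubuntu)".
OS_RE = re.compile(r"\b(Ubuntu|Debian|CentOS|Red Hat|Fedora|FreeBSD|Win32|Win64)\b", re.I)

# Settings that suppress the banner, keyed by lower-cased product name.
FIXES = {
    "apache": "ServerTokens Prod and ServerSignature Off (httpd.conf)",
    "nginx": "server_tokens off; (nginx.conf)",
    "php": "expose_php = Off (php.ini)",
}


def audit_headers(headers):
    """Return (kind, header, evidence, fix) tuples for one response's headers."""
    findings = []
    for name, value in headers.items():
        if name.lower() not in BANNER_HEADERS:
            continue  # only banner-style headers are inspected
        for m in VERSION_RE.finditer(value):
            product = (m.group("product") or "").lower()
            findings.append(("software-version-leak", name, m.group(0), FIXES.get(product)))
        for m in OS_RE.finditer(value):
            findings.append(("os-leak", name, m.group(0), None))
    return findings


# Constructed sample responses, not captured from any real host.
LEAKY = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Content-Type": "text/html; charset=UTF-8",
}
HARDENED = {"Server": "Apache", "Content-Type": "text/html; charset=UTF-8"}

if __name__ == "__main__":
    for label, hdrs in (("leaky", LEAKY), ("hardened", HARDENED)):
        results = audit_headers(hdrs)
        print(f"{label}: {len(results)} finding(s)")
        for kind, header, evidence, fix in results:
            print(f"  {kind:22} {header}: {evidence}  fix: {fix or 'review banner settings'}")
```
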
Cross-Site Request Forgery (CSRF)
An attacker tricks a user into performing an action that the system perceives as a legitimate request from the user. Risk: Unauthorized transactions, configuration changes, and account hijacking.
Cross-Site WebSocket Hijacking
An attacker takes control of a WebSocket connection and transmits messages on behalf of the user. Risk: Unauthorized data access, message manipulation, and compromise of real-time communication channels.
Session hijacking
An attacker obtains or guesses a user's session ID to take control over their account. Risk: Complete account takeover, access to personal data and privileges.
Wildcard certificate
Improper use of a wildcard certificate can allow multiple subdomains to be compromised if a single private key is obtained. Risk: If the key is leaked, the attacker can establish valid, trusted HTTPS connections for any subdomain.
Frequently Asked Questions (FAQ)
Should we expect service downtime or outages during the assessment?
Vulnerability assessments and penetration tests are designed to be carried out without planned downtime or business disruption. For critical operations, such as specific exploits, DoS-related tests, or trials involving production databases, we coordinate the time window with the client in advance and use staging environments whenever possible.
What does the assessment report contain, and who is it for?
The report consists of two main parts: an executive summary and a detailed technical report. It includes the type of vulnerabilities (CVE, CWE, OWASP categories), severity (CVSS), exploitability, affected systems, proof-of-concept evidence, and specific remediation guidance. The executive section is for management, while the technical section is tailored for administrators and developers.
What is the difference between automated vulnerability scanning and manual testing?
Automated vulnerability scanning quickly combs through systems looking for known vulnerabilities but often generates false positives and does not provide deep analysis of business logic. Manual testing (manual vulnerability and penetration testing) is a targeted investigation performed by experienced ethical hackers capable of uncovering complex attack chains (kill chains), logical flaws, and combined vulnerabilities.
How much does a vulnerability assessment or penetration test cost?
The cost depends on the number and complexity of systems, the depth of the assessment (black-box, gray-box, white-box), and whether it involves web applications, network infrastructure, mobile apps, cloud, or AI/LLM systems. We always provide a quote after a unique scoping process, presented in a transparent, itemized breakdown based on required man-days.
Is a vulnerability assessment suitable for detecting traces of a previous hack?
A vulnerability assessment primarily identifies current weak points rather than past incidents. To uncover previous attacks, digital forensics and incident response are required. However, these combine well with a vulnerability assessment: forensics reveals what happened, and the assessment helps ensure the same path cannot be exploited again.
Vulnerability Assessment Service Quote
Contact our ethical hacker colleagues via the Quote button to request information about the threats facing your systems!