elfATTACK-hacking testing is suitable for companies that need to investigate the security of the target system and identify and repair system vulnerabilities. Often, these are companies that have their software production or those who make software and information systems with a subcontractor. The penetration testing can also be used to evaluate the software produced by an external software vendor from a security perspective. The elfATTACK service is also well suited for milestone and pre-production testing during the development project.
elfATTACK is a hacking test that focuses on a single target information system, which, for example, identifies the security vulnerabilities of an application’s web interface or software API interfaces using various manual and automated testing methods. Frequently, the system that selected as a test site handles or contains confidential information and requires an external (objective) assessment of the security level of the target system. Few companies have their own security investigators and time-consuming resources to conduct self-testing, but even if their own security testing performed regularly, third-party testing is always a good addition and brings a new perspective on potential software vulnerabilities.
Critical findings and vulnerabilities that have emerged in the test are reported immediately to allow the customer maximum time to respond to the need for repair.
Hacker testing enables the company to have access to a detailed and reliable (objective evaluation) report of identified vulnerabilities, including their prioritization and development suggestions to improve the security vulnerabilities found. Typically, elfATTACK test reports also take into account usability and logical errors related observations that naturally emerge during security testing when the entire functionality of the application and the various processing logic branches are systematically traced. However, security testing never replaces usability or functional testing. Repeat testing confirms corrections made after the elfATTACK hacking test. The entire system testing is also possible, and it is also desirable to re-test to avoid undesirable side effects.
elfATTACK tests are carried out in a dedicated test environment to avoid limiting the testing of the environment in production or another testing. If needed, the test object can also be installed on elfGROUP dedicated test servers, which will speed up testing when the network delays disappear and the environment is certainly independent of the customer’s other infrastructure. In addition, for example, the possibility of overloading the customer’s network devices is eliminated.
It is important to understand that even malicious hackers do not restrict the use of their tool selections because the target system is in production use.
elfATTACK Testing Service can be a combination of the black box testing of the hacker perspective as a “shock” and a more transparent, white box testing, including the source code. The best combination of tools and methods is selected for each client to ensure that the most critical points in the information system are also most carefully tested.
elfATTACK is possible to combine system-specific elfSWEEP assessment, which improves the accuracy of the overall evaluation and enables the customer to reach a higher level of CyberSafe certification.
An auditable object can be certified with the elfGROUP CyberSafe certificate, which is the visual proof to company’s visitors of serious care about cyber security in a data security-driven customer segment.
elfGROUP’s experts are cybersecurity professionals who understand the needs of their customers. We always take a pragmatic and customer-tailored grip to implement the service. We have tested individual check-in pages and complete ERP systems. Our cyber security specialists have practical experience in a variety of industries and technologies and software projects. We believe that software security guides must have good programming experience. During the project, a secure elfCLOUD project space created, where the materials and the results associated with the assignment can be distributed confidentially.
elfGROUP assessed the cybersecurity of our digital services, and tested their information security vulnerabilities. With these results we were able to develop our products even more reliable. The benefits will transfer straight to our customers. Thanks to elfGROUP’s services, I can sleep better, knowing that an external specialist has ensured the reliability or our services.
Group Vice President, Technology
In our blog series, we write about cybersecurity domain in general, our service and product offerings as well as show case some of our customer cases. The blog posts are categorized by service types.Read elfATTACK related articles
Kari Halavaara, t. +358 50 553 4796
Pekka Käyhkö, t. +358 400 933 303