Security Penetration Test

iProteksi deliver Security Penetration Test Service for more than 50 banking applications every year in Indonesia, our specialty is securing banking applications. Banking applications need to be tested by security professional on a regular schedule, and after system changes, this process is required by PCI-DSS (Payment Card Industry Data Security Standard) and can support risk assessments as outlined in NIST Risk Management Framework SP 800-53.

Penetration Test (PenTest) is not the same as Vulnerability Assessment (VA). VA might offer thousands of automatic assessments in timely fashion, addressing all the VA findings might help you to prevent attack from bots, but might not be sufficient to prevent attack by real hackers. PenTest on the other hand, simulates cyberattack on your computer system, requires a lot of manual work by a high level of expertise which should be done by someone outside the organization, penetration testing or ethical hacking can discover real security weaknesses by exploiting all the cybertech such as network, perimeter security, infrastructure, and application.

We offer 3 different approaches for PenTest:

  1. White Box: Our Pen Tester is provided with full knowledge of the programming rationale in advance, this approach represents insider who is trying to attack the corporate application, thus provides maximum benefit to the corporate.
  2. Black Box: Our Pen Tester knows only the application name, this approach represents external attack, similar to real hacker who is trying to attack the system from the outside.
  3. Grey Box: Our Pen Tester is provided with necessary information about the system, without revealing the internal structure of the application. This test is suitable if you don`t have access to the source code.

Our PenTest service doesn’t not only find the weaknesses, but also assist you to prioritize the risk which most likely to happens, and a clear suggestion how to mitigate and countermeasure the risk.

  1. Web Application Penetration Test: The scope might include clickjacking, XML Injection, and email harvesting.
  2. Mobile Application Penetration Test: The scope might include bypassing root detection.
  3. DDoS Simulation Attack: From several country and different continent, simulate a DDoS attack during an agreed time and period to test your app and infra resiliency.
  4. Phishing Assessment: Evaluate how easy is your employee in giving their sensitive information to an impersonator.
  5. Cyber Security Maturity Assessment: Thorough and complete cyber security assessment which includes people, process, and supporting technologies. This service is very beneficial to evaluate the strengths, the weaknesses, and define and prioritize the short term strategies, and mid term strategies to improve IT security as a whole.

Your customer facing application will be at great risk if your penetration tester skill is equal or below the hacker skill. We bring world-class Security Consultants service to Indonesia, the best penetration test service for your banking applications, business critical applications and customer facing applications. We follows methodology such as Open Web Application Security Project(OWASP), Open Source Security Testing Methodology Manual (OSSTMM) and Center for Internet Security (CIS) benchmark for configuration review.

The team members were trained and possessed relevant Information Assurance qualifications such as:

  1. Offensive Security Certified Professional (OSCP)
  2. CREST Registered Penetration Tester (CRT)
  3. CREST Practitioner Security Analyst (CPSA)
  4. GIAC Penetration Tester (GPEN)
  5. GIAC Certified Incident Handler (GCIH)
  6. GIAC Security Essential (GSEC)
  7. Certified Information Systems Security Professional (CISSP)
  8. Certified Information System Auditor (CISA)

And are supported by professional institution memberships including the Institute of Engineering and Technology (IET), Institute of Information Security Professional (ITPC), and the Chartered Institute for IT. We respect PPKM/PSBB policy and understand our customer’s health during this pandemic, we offer off-site online penetration test to keep all of us safe throughout 2020, 2021, and 2022.

Save your company from becoming a news headline of nation scale attacks, choose penetration test service from CREST Certified Company, and we are here to help you in Indonesia.


Native Mobile Application is different from mobile web application, native mobile app might store sensitive artifact in the device, might call insecure API, might transmit data in weak or no encryption, might use old protocols, and even the APK might be easily decompiled and edited by a skillful hacker so that it can run in a manipulated/jailbroken environment.


Web Applications are easily accessible by everyone on this planet, including the unwanted visitors. These unwanted visitors is not a machine, we are not just talking about malware, nikto, kali, vega, we are talking about a highly skilled person that attack your system with bad intention.


Phishing Test is needed to evaluate your employee’s security awareness against the risk of disclosing sensitive information. According to a study, phishing simulation and training is effective enough to increase User’s security awareness.


Our expert team are on hand to answer any queries you may have.