Ingrata performs Application Penetration Testing to help organizations secure their websites, APIs, thick clients, and other custom applications. Ingrata incorporates techniques to identify issues outlined in OWASP Top 10, OWASP Code Review Guide, CWEs, and more.

Ingrata performs testing using automated scanning, but with a large focus on manual testing, finding issues that scanners cannot. Ingrata’s services include:

Black Box Application Penetration Testing:

Ingrata specializes in testing applications without access to source code, in order to simulate what users and attackers alike would be able to access when using the application.

Gray Box Application Penetration Testing:

Ingrata also specializes in testing applications with a combination of app access and source code testing, in order to find more obscure and complex technical issues.

Ingrata approaches External Network Penetration Testing with a more holistic approach than other companies. We specialize in taking an overall view of every external network service exposed on the internet by you and your subsidiaries. We pride ourselves in conducting cutting edge reconnaissance and targeting all exposed services in search of impactful vulnerabilities. Our approach contains both automated and manual testing, with a heavy emphasis on manual techniques to uncover meaningful issues that can leak data.

Ingrata’s Internal Network Penetration Testing engagements simulate attackers who have already gained a foothold in the internal network, or even a rogue employee. Most organizations focus on securing the perimeter, but many successful attacks originate from bypassing the perimeter. Our methodology focuses on emulating attacker methodologies such as those used by ransomware groups to move laterally across the network and compromise your organization's data.

Cloud environments can be confusing, so Ingrata’s Cloud testing methodology looks to ensure that no obvious flaws are present in your cloud environment, and ensure that the Principle-of-least-privilege is always upheld to harden your environment.

Social Engineering attacks encompass a wide range of scenarios that target the human factor of security, usually the weakest link. Ingrata offers services such as Vishing, Phishing, and Physical penetration testing techniques to gain unauthorized access to your data.