Pentest Package

Cybersecurity Posture Management

kalpa.com

Penetration Test

Kalpa conducts a manual penetration test performed by an industry expert, with the test results delivered via the Kalpa software.

Manual Pentest

Real-time Communication

Remediation Advice

Free retesting

Multiple Reports

kalpa.com

Kalpa Software

The Kalpa software can be used to prepare for the pentest, to communicate with your pentesters, to observe pentest results in real time, as well as other key components of your pentest & cybersecurity posture management

Task Delegation

Pentest Preparation

Vulnerability Management

Asset Management

Compliance Management

Reason for the pentest

The pentest package is designed for ISO27001, however the final pentest report may be used to satisy a range of other compliance standards, and several other purposes

ISO27001

ISO27001 is the international standard for cybersecurity compliance

HIPAA

HIPAA is a compiance standard designed

to protect the privacy, security, and integrity of organisations within the healthcare industry.

PCI

PCI is an information security standard

related to handling credit card information

in financial organisations

SOC1/SOC2

SOC1/SOC2 is a cybersecurity

compliance standard popular

in North America

Scoping

We typically organise a scoping call to identify which assets need to be pentested. During the conversation, we will seek to understand the level of effort required for the pentest. Kalpa will ask about the unique business logic of your systems, so the correct testing strategy can be designed and implemented.

Webapp

We can test various types of web applications - ie different development stacks and architectural patterns.

Mobile App

We can test iOS & Android operating systems.

API

We can test a range of API formats, including SOAP, REST, and GraphQL.

Network

When performing network testing, we can perform internal or external network penetration tests, on both on-premise and cloud environments.

Cloud Infrastructure

In addition to the cloud-based network pentetration tests, we can perform cloud configuration reviews which help identify misconfigurations & issues automated scanners miss.

Testing

Kalpa combines the use of automated open source scanning tools, manual pentesting based on a chosen methodology, and most importantly, a thorough manual review of the targets unique business logic.

Reconnaissance

Manual Testing

Disclose

Reproduce

Remediate

Prepare

Reporting

Confirm scope.
Exchange testing accounts (and type of creds depend on whether its whitebox, blackbox, or greybox pentest).
Asset target details.

Perform initial scans using open source tools.
Analyse documentation.
Map user flow and explore the application.

Methodologies (OWASP Top 10, OWASP API Top 10, NIST, couple others).
Login functionality.
Unique business Logic.

Initial Report.
Final Report.
Executive Summary
(All downloadable via Kalpa platform).

All done through Kalpa platform

Reporting

Kalpa is flexible with reporting. We can create custom reports on demand, and you may download as many reports as you need through the report repository

Initial Final Report,

A PDF file listing the scope of the test, the methodologies used, all vulnerabilities found, and a description of impact

Revised Final Report

Updated report when vulnerabilities have been remediated

Executive Summary

A shorter more confidential report excluding sensitive information

Scoping Call

Please contact us for a scoping call to determine a price.

Navigation

+ 49 1520 765 1420

sales@kalpainfosec.com

Security

Social

Navigation

+ 49 1520 765 1420

sales@kaplainfosec.com

Security

Social

Navigation

+ 49 1520 765 1420

sales@kaplainfosec.com

Security

Social

Pentest Package

Cybersecurity Posture Management

kalpa.com

Penetration Test

Kalpa conducts a manual penetration test performed by an industry expert, with the test results delivered via the Kalpa software.

Manual Pentest

Real-time Communication

Remediation Advice

Free retesting

Multiple Reports

Kalpa Software

Task Delegation

Pentest Preparation

Vulnerability Management

Asset Management

Compliance Management

kalpa.com

Scoping

Webapp

We can test various types of web applications - ie different development stacks and architectural patterns.

Mobile App

We can test iOS & Android operating systems.

API

We can test a range of API formats, including SOAP, REST, and GraphQL.

Network

When performing network testing, we can perform internal or external network penetration tests, on both on-premise and cloud environments.

Cloud Infrastructure

In addition to the cloud-based network pentetration tests, we can perform cloud configuration reviews which help identify misconfigurations & issues automated scanners miss.

Reason for the pentest

The pentest package is designed for ISO27001, however the final pentest report may be used to satisy a range of other compliance standards, and several other purposes

SOC1/SOC2

SOC1/SOC2 is a cybersecurity
compliance standard popular
in North America

ISO27001

ISO27001 is the international standard for cybersecurity compliance

HIPAA

HIPAA is a compiance standard designed
to protect the privacy, security, and integrity of organisations within the healthcare industry.

PCI

PCI is an information security standard
related to handling credit card information
in financial organisations

Testing

Kalpa combines the use of automated open source scanning tools, manual pentesting based on a chosen methodology, and most importantly, a thorough manual review of the targets unique business logic.

Reconnaissance

Manual Testing

Disclose

Reproduce

Remediate

Prepare

Reporting

Confirm scope.
Exchange testing accounts (and type of creds depend on whether its whitebox, blackbox, or greybox pentest).
Asset target details.

Perform initial scans using open source tools.
Analyse documentation.
Map user flow and explore the application.

Methodologies (OWASP Top 10, OWASP API Top 10, NIST, couple others).
Login functionality.
Unique business Logic.

Initial Report.
Final Report.
Executive Summary  (All downloadable via Kalpa platform).

All done through Kalpa platform

Reporting

Kalpa is flexible with reporting. We can create custom reports on demand, and you may download as many reports as you need through the report repository

Executive Summary

A shorter more confidential report excluding sensitive information

Revised Final Report

Updated report when vulnerabilities have been remediated

Initial Final Report,

A PDF file listing the scope of the test, the methodologies used, all vulnerabilities found, and a description of impact

Scoping Call

Please contact us for a scoping call to determine a price.

Pentest Package

Cybersecurity Posture Management

kalpa.com

Penetration Test

Kalpa conducts a manual penetration test performed by an industry expert, with the test results delivered via the Kalpa software.

Manual Pentest

Real-time Communication

Remediation Advice

Free retesting

Multiple Reports

kalpa.com

Kalpa Software

Task Delegation

Pentest Preparation

Vulnerability Management

Asset Management

Compliance Management

Reason for the pentest

The pentest package is designed for ISO27001, however the final pentest report may be used to satisy a range of other compliance standards, and several other purposes

ISO27001

ISO27001 is the international standard for cybersecurity compliance

HIPAA

HIPAA is a compiance standard designed

to protect the privacy, security, and integrity of organisations within the healthcare industry.

PCI

PCI is an information security standard

related to handling credit card information

in financial organisations

SOC1/SOC2

SOC1/SOC2 is a cybersecurity

compliance standard popular

in North America

Scoping

Webapp

We can test various types of web applications - ie different development stacks and architectural patterns.

Mobile App

We can test iOS & Android operating systems.

API

We can test a range of API formats, including SOAP, REST, and GraphQL.

Network

When performing network testing, we can perform internal or external network penetration tests, on both on-premise and cloud environments.

Cloud Infrastructure

In addition to the cloud-based network pentetration tests, we can perform cloud configuration reviews which help identify misconfigurations & issues automated scanners miss.

Testing

Kalpa combines the use of automated open source scanning tools, manual pentesting based on a chosen methodology, and most importantly, a thorough manual review of the targets unique business logic.

Perform initial scans using open source tools.

Analyse documentation.

Map user flow and explore the application.

Methodologies (OWASP Top 10, OWASP API Top 10, NIST, couple others).

Unique business Logic.

Initial Report.

Final Report.

Executive Summary
(All downloadable via Kalpa platform).

All done through Kalpa platform

Confirm scope.

Exchange testing accounts (and type of creds depend on whether its whitebox, blackbox, or greybox pentest).

Asset target details.

Reconnaissance

Manual Testing

Disclose

Reproduce

Remediate

Prepare

Reporting

Kalpa is flexible with reporting. We can create custom reports on demand, and you may download as many reports as you need through the report repository

Executive Summary

A shorter more confidential report excluding sensitive information

Revised Final Report

Updated report when vulnerabilities have been remediated

Initial Final Report,

A PDF file listing the scope of the test, the methodologies used, all vulnerabilities found, and a description of impact

Scoping Call

Please contact us for a scoping call to determine a price.

Navigation

Home

Product

Pentest Package

About Us

+ 49 1520 765 1420

sales@kaplainfosec.com

Security

Social