©2024 All rights reserved
Pentest Package
Cybersecurity Posture Management
kalpa.com
01
Penetration Test
Kalpa conducts a manual penetration test performed by an industry expert, with the test results delivered via the Kalpa software.
Manual Pentest
Real-time Communication
Remediation Advice
Free retesting
Multiple Reports
02
Kalpa Software
The Kalpa software can be used to prepare for the pentest, to communicate with your pentesters, and to observe pentest results in real time. It also covers other key components of your pentest and cybersecurity posture management.
Task Delegation
Pentest Preparation
Vulnerability Management
Asset Management
Compliance Management
Scoping
We typically organise a scoping call to identify which assets need to be pentested. During the conversation, we will seek to understand the level of effort required for the pentest. Kalpa will ask about the unique business logic of your systems, so the correct testing strategy can be designed and implemented.
Webapp
We can test various types of web applications, i.e. different development stacks and architectural patterns.
Mobile App
We can test iOS & Android operating systems.
API
We can test a range of API formats, including SOAP, REST, and GraphQL.
Network
When performing network testing, we can perform internal or external network penetration tests, on both on-premise and cloud environments.
Cloud Infrastructure
In addition to the cloud-based network penetration tests, we can perform cloud configuration reviews, which help identify misconfigurations and issues automated scanners miss.
Reason for the pentest
The pentest package is designed for ISO27001; however, the final pentest report may be used to satisfy a range of other compliance standards, and for several other purposes.
SOC1/SOC2
SOC1/SOC2 is a cybersecurity compliance standard popular in North America.
ISO27001
ISO27001 is the international standard for cybersecurity compliance
HIPAA
HIPAA is a compliance standard designed to protect the privacy, security, and integrity of organisations within the healthcare industry.
PCI
PCI is an information security standard related to handling credit card information in financial organisations.
Testing
Kalpa combines the use of automated open source scanning tools, manual pentesting based on a chosen methodology, and, most importantly, a thorough manual review of the target's unique business logic.
Reconnaissance
Manual Testing
Disclose
Reproduce
Remediate
Prepare
Reporting
Confirm scope.
Exchange testing accounts (the type of credentials depends on whether it is a whitebox, blackbox, or greybox pentest).
Asset target details.
Perform initial scans using open source tools.
Analyse documentation.
Map user flow and explore the application.
Methodologies (OWASP Top 10, OWASP API Top 10, NIST, and a couple of others).
Login functionality.
Unique business logic.
Initial Report.
Final Report.
Executive Summary (All downloadable via Kalpa platform).
All done through Kalpa platform
Reporting
Kalpa is flexible with reporting. We can create custom reports on demand, and you may download as many reports as you need through the report repository.
Executive Summary
A shorter, more confidential report excluding sensitive information.
Revised Final Report
An updated report issued when vulnerabilities have been remediated.
Initial Final Report
A PDF file listing the scope of the test, the methodologies used, all vulnerabilities found, and a description of impact.
Scoping Call
Please contact us for a scoping call to determine a price.