Testing Methodology
A comprehensive approach tailored to the needs and security posture of your system.
Black Box
Simulates an external attacker with no prior information about your system. The tester knows only the target URL and attempts to break in the way a real attacker would.
- ✓ Real-world attacker perspective
- ✓ Finds vulnerabilities exposed to the public
- ✓ Tests your perimeter defenses
- ✓ Suitable for compliance requirements (PCI DSS, ISO 27001)
Grey Box
Testing with limited information, such as a standard user account. Simulates an insider threat or an attacker who has already obtained initial access to the system.
- ✓ Balance between coverage and cost
- ✓ Focus on privilege escalation
- ✓ Finds logic flaws in business processes
- ✓ More time-efficient
White Box
Comprehensive testing with full access to source code, documentation, and infrastructure. Includes code review and architecture analysis.
- ✓ Most complete coverage (including code-level vulnerabilities)
- ✓ Finds logic bombs and backdoors
- ✓ Code review against secure coding practices
- ✓ Detailed remediation guidance
Pricing & Complexity Tiers
SIMPLE
- Static website or basic WordPress
- 5-20 pages/endpoints
- Minimal or no database interaction
- Simple login (admin panel only)
- No payment gateway
- No API integration
- Shared hosting or basic VPS
- ✓ OWASP Top 10 basic checks
- ✓ Authentication testing
- ✓ Input validation
- ✓ SSL/TLS configuration
- ✓ Basic information disclosure
MEDIUM
- Dynamic web application with a database
- 20-50 endpoints/pages
- User authentication & role-based access
- Form processing & file upload
- Payment gateway integration
- CRUD operations
- REST API (basic)
- ✓ Full OWASP Top 10
- ✓ Business logic testing
- ✓ Session management
- ✓ Authorization bypass attempts
- ✓ API security testing
- ✓ File upload vulnerabilities
- ✓ Payment flow security
COMPLEX
- Multi-tier architecture
- 50-100+ endpoints
- Complex user roles & permissions
- Multiple API integrations
- Real-time features (WebSocket)
- Mobile app backend
- Cloud infrastructure (AWS/GCP/Azure)
- ✓ OWASP Top 10 + API Security
- ✓ Advanced business logic flaws
- ✓ Race conditions
- ✓ GraphQL/REST API deep testing
- ✓ Third-party integration security
- ✓ Mobile API security
- ✓ Cloud misconfigurations
Client Requirements
Must Be Provided
- Scope definition: target URL/IP, in-scope subdomains, allowed testing hours
- Legal documents: signed agreement, authorization letter, NDA
- Emergency contacts: technical support (24/7), escalation contact
- Preparation: system backup taken before testing, IT team contact details
NOT Required (for black-box engagements; grey-box and white-box testing use these, as described in the methodology above)
- User credentials
- Source code
- Documentation (architecture, etc.)
- Infrastructure details
Testing Process
Pre-engagement
Kickoff meeting, scope finalization, legal agreement signing, access provisioning, and rules of engagement (2-3 days).
Reconnaissance
Information gathering, asset discovery, attack surface mapping, and threat modeling (1-2 days).
Active Testing
Vulnerability scanning, manual exploitation, business logic testing, and privilege escalation attempts (3-15 days).
Reporting
Vulnerability documentation, risk assessment, proof-of-concept creation, and executive summary (2-3 days).
Presentation
Findings presentation, Q&A session, remediation roadmap discussion, and priority setting (1 day).
Retest (Optional)
Verification of fixes, regression testing, updated report, and security posture assessment (2-3 days).
Value-Added Services
Retest Service
Verifies that remediation was effective. Testing covers only the issues previously found.
Our Competitive Edge
Proven Track Record
50+ successful assessments, zero data breaches during testing, 95% client satisfaction.
Manual Focus
Manual testing rather than scanner-only, business logic focus, real-world attack scenarios.
Local Support
Reporting in Bahasa Indonesia, local business hours, on-site meetings available.