Dennis Slier
Project Lead Incident Response Cyber Security
About NFIR
Our society is increasingly affected by serious cyber security incidents that have major consequences for our digital infrastructure. Cyber security incidents are often focused on an organisation’s critical work processes, endangering the continuity of an organisation. As a result of changes in legislation and regulations, organisations are generally themselves responsible for the damage suffered and for repairing it. Quick and professional intervention is therefore essential and NFIR can help you with that.
Schedule an appointment directly with NFIR expert Dennis
Frequently asked questions
What is the difference between a pentest and a vulnerability scan
- A vulnerability scan provides a general picture of how IT security is organised. A pen test provides a more detailed picture of current IT security. A pen test provides a more detailed picture of current IT security.
- A vulnerablity scan is used to find commonly known vulnerabilities. In a pen test, attention is paid to all potential weaknesses
- Vulnerability scanning uses automated scans to detect vulnerabilities. A pen test also makes use of automated scans and the researcher actively seeks out vulnerabilities through a dose of creativity.
Penetration test or vulnerability assessment? – Penetration test? – Contact NFIR now
Penetration tests by our certified experts
Our pen testers have a large amount of experience, a lot of creativity and up-to-date expertise. The NFIR pentesters have followed relevant training courses and obtained certifications such as OSCP. In addition, they have all received chief of police approval and signed confidentiality agreements.
How long does a pentest take?
How long a pen test lasts strongly depends on the environment that needs to be tested and the agreements made with the client about the attack scenarios to be used.
Black box or white box scenario?
A Black Box pentest means that no information about the environment is shared with the pen testers beforehand. With a pentest based on the White Box principle, all information about the environment is shared in advance. If you are having a pentest performed for the first time and want to get an overall picture of your security, it is useful to have a Black Box pen test performed.
What more does a grey-box pentest offer than a black-box?
A Black Box pentest is especially suitable when an environment is being pen tested for the first time and you want to get an overall picture of the security. A Grey Box Penetration Test is an intermediate form of the Black Box and White Box Penetration Test, in which the researchers have limited login details and information at their disposal. The Grey Box pentest is generally used to see how safe an environment is from the perspective of an employee or customer.
Make good arrangements about the pentest
Make arrangements with each other when the information should be delivered, when the pentest will take place, what the pen test means for the daily operations within your company and when the report will be delivered. The assignment must be clear and the information required in advance must be delivered on time, or a pen test cannot begin.
The NFIR Pentest: how impenetrable is your network?
With the NFIR Pentest you can get certainty and advice about the safety of your network. NFIR for non-binding advice: 088 – 323 0205
What methods do you use to perform pentests?
The three main standards used by NFIR (depending on the environment to be tested) are the Penetration Execution Standard (PTES), Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP). The Common Vulnerability Scoring System (version 3) is used to determine the severity of a vulnerability. Furthermore, NFIR uses input from the client to apply a CIA weighting to the vulnerabilities found.