SECURITY INCIDENT?
We help 24/7, click here

API pentesting

NFIR provides thorough API pen testing with customizable scenarios and transparent reporting in accordance with OWASP guidelines to test the cyber resilience of organizations.
Neem contact op
NFIR beeldmerk kleur
NFIR beeldmerk kleur

API pentesting

NFIR provides thorough API pen testing with customizable scenarios and transparent reporting in accordance with OWASP guidelines to test the cyber resilience of organizations.

Test your applications, methods and systems for vulnerabilities using our API pen testing. NFIR offers professional API pentesting services that can help you secure your applications from outside attacks.
How secure are your APIs really?
Have it tested by our certified ethical hackers.

Scope examples

During an API pen test, the API can be tested from different perspectives: unauthorized (Black Box) or authorized (Grey Box).

Pentest APIs, pentest API
What we can pentest for you

What attack scenarios are possible for API pen testing?

The most common attack scenario for an API is a combination of a Black and Grey Box. An illustrative example is provided below for both attack scenarios. During an intake, the requirements will be mapped out in order to then choose a suitable scenario together with the client.

Black box pen testing hacker organization applications security information

Black Box of the API

With minimal information, a picture will be formed of vulnerabilities in the API. The possibility of using API requests without sending along the required authentication will also be explored. Through open source research (OSINT), as much information as possible will be collected to discover potential vulnerabilities based on this information.

Grey box pen testing risk hackers automated network penetration test the netherlands

Grey Box of the API

Testing the API from an authorized perspective is at least as important as from an unauthorized environment. This scenario mimics the actions of a malicious hacker should they gain access to a valid API token. This is accomplished, for example, by conducting a phishing attack or a social engineering attack. Questions that can be answered with this are for example: What vulnerabilities are present and is it possible to request more information than intended or send API requests that do not belong to the token's rights profile?

white box pentesting ethical hardware vulnerability pentester security audit computer systems

White Box of the API

In this attack perspective, the pentester has not only all the information about how the API works and login credentials, but also the source code of the API. This allows for more efficient pen testing, as well as checking for vulnerabilities in the software dependencies used.

NFIR and International Standards.

NFIR uses the OWASP Web Security Testing Guide (WSTG) and the OWASP API Security Top 10 for pen testing APIs. These standards give you the guarantee that the pen test will be carried out according to the correct standards and completely. We find it important to be as transparent as possible about the execution of the pen test. For this reason, we offer a checklist for various pen testing standards which is added to the report. This allows you to see which checks have been carried out, which could not be carried out and which, if any, were not applicable.

What clients have to say

Pen tests

Among other things, NFIR assisted VWS in pen testing the various digital assets being developed as part of the pandemic response. CoronaMelder, for example. This was carried out satisfactorily and in pleasant partnership. The results were also shared with the House of Representatives.
Home
Ron RoozendaalCISO
Ministry of Health, Welfare and Sport

Digital Forensics & Pentesting

When an incident occurred, we were looking for a partner who could conduct digital forensics for us and advise us on how to proceed. We ended up with NFIR. The expertise and thoughtfulness made us also have our Pentests performed by NFIR. We welcome NFIR's approach to this and their advice to help us make and keep our digital environments more secure.
Home
André PootICT & Education Policy Advisor
Willem van Oranje Onderwijsgroep

Security Monitoring & Pentesting

Countering cybercrime is obviously not something you can do alone. That is why we partnered with cyber security specialist NFIR. We started a very meaningful pentest. We now purchase almost all security services from NFIR to our great satisfaction. We recently launched Security Monitoring. It gives a sense of security because there is a structured, proactive and broad look at our systems. We cannot gather this knowledge and experience ourselves. It also keeps us on our toes, as the service provides insights we don't think of ourselves. With NFIR as a partner, we remain at the forefront.
Home
Rob HordijkOperations Manager
Royal Hordijk

Sample API Pen Testing Report

Sample API Pen Testing Report

A sample report (NL/EN) of a grey box web application pen test is available.
In this report, a pen test was performed on a fictitious environment, whereby vulnerabilities were made transparent.

Request a sample report of an API pentest here
Pentest

Pen tests

Please leave your information so a professional can call you back as soon as possible.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Get in touch with our professionals

Which systems can you have tested by NFIR's experts?

Which systems can you have tested by NFIR’s experts? Our ethical hackers check the technical resilience of (web) applications, websites, IT and OT infrastructures, API links and mobile apps. If you have a different environment that you would like to have controlled, we will be happy to discuss it with you.

Pentesting & security audits to test your digital resilience

Mobile application pen testing

Pentest OT infrastructures, pen test OT infra

Operational Technology (OT) Pen Testing

CyberSecurity Event Zwolle

NFIR uses reliable pentesting services, certified with the CCV Pentesting Seal of Approval. We are your Cybersecurity partner if you are looking for a down-to-earth Dutch Cybersecurity company that has years of experience in pentesting. Our certified ethical hackers identify vulnerabilities and provide concrete and actionable insights about the effectiveness of your security measures. Contact us today to put your cybersecurity under the microscope as well.

High quality pen testing

Certified and quality-oriented pentesters

Pentests are essential to test the technical resilience and effective operation of security. Our pentesters focus on identifying vulnerabilities in systems by deploying various attack techniques. Our skilled and professional pen testers have extensive experience, creativity and up-to-date professional knowledge. The pentesters have completed various relevant training courses and hold the following certifications, among others, OSCP, OSWP, OSWE, OSEP, CPTS, CBBH, and eWPT.

Pentesting and the CCV seal of approval:

  • This quality mark, based on NEN-EN-ISO/IEC standards 17021 and 17065, gives customers the guarantee that the execution of a pen testing assignment by NFIR is carried out in a professional and high-quality manner.
  • NFIR possesses since 07-01-2022 the CCV quality mark for Pentesting. logo ccv nl, Center for Crime Prevention and Security, pentest seals of approval.

I want to pentest my environment(s)!

Once you fill out this form, we will contact you immediately to inform you of the possibilities. We schedule a no-obligation intake with a Technical Lead to coordinate scope components and attack scenarios.

Do you have any questions in the interim? If so, please contact us by phone at the general NFIR phone number: 088 313 0205

A man in a blue shirt shakes hands with another person in front of a sign that reads "NO NONSENSE CYBER SECURITY EXPERTS," emphasizing expertise in pen testing and security monitoring.

SECURITY INCIDENT BIJ UW ORGANISATIE?

De volgende 30 minuten zijn van cruciaal belang​!

De eerste 30 minuten na een cyber security incident zijn cruciaal, omdat een snelle en adequate reactie de schade kan beperken. Daarnaast kan verdere verspreiding van de aanval worden voorkomen en kan essentieel bewijsmateriaal veiliggesteld worden voor nader onderzoek.

Ons Computer Emergency Response Team (CERT) staat 24/7 klaar om bedrijven en organisaties te ondersteunen bij IT-beveiligingsincidenten.

Bel ons 24/7 !
088 133 0700
* LET OP: Wij werken uitsluitend voor bedrijven en organisaties.

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because a quick and adequate response can limit the damage. In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.

Call us 24/7 !
088 133 0700
* PLEASE NOTE: We work exclusively for companies and organizations.