COMGUARD Penetration Testing is a professional security testing service offered by COMGUARD a.s., covering infrastructure, web application, and mobile device security assessments. **Test Types:** - Infrastructure Testing: Targets OS platforms, web servers, and databases to identify vulnerabilities, misconfigurations, and unsupported protocols; includes architecture review. - Application Testing: Focuses on web application logic and backend components (database servers, LDAP, file systems), with primary alignment to OWASP Top 10 vulnerabilities. - Mobile Device Testing: Covers vulnerability analysis, physical security policy testing, and optional extended tests (wireless network attacks, phishing, MDM/EMM exploitation). **Testing Methodologies:** - Black-Box Testing: Simulates an external attacker with no prior knowledge of the target system. - White-Box Testing: Conducted with full documentation provided by the client, enabling thorough topology review. **Testing Phases:** 1. Reconnaissance: Passive network analysis, target mapping, metadata collection, and vulnerability discovery using a combination of commercial and open-source tools. 2. Testing: Coordinated execution using automated, semi-automated, and manual techniques; findings are verified without compromising data integrity. 3. Reporting: Deliverables include a management summary, technical vulnerability descriptions categorized by severity, and specific remediation recommendations. **Social Engineering:** Available as a standalone or add-on service, including phishing tests, telephone tests, physical intrusion attempts, portable media tests, and dumpster diving. The service supports ISO/IEC 27001 compliance and the Czech Cybersecurity Act requirements.