Penetration Testing


Sopra Steria follows a risk-based approach that reveals business risks and not just technical vulnerabilities. Our security experts understand the business process and deliver valuable results based on real scenarios. Different risk rating methodologies (CVSS, OWASP) are used based on company-specific factors.


The different penetration test scenarios

  • Internal testing: to simulate the damage a disgruntled employee could do to your systems.
  • External testing: to simulate an outside hacker attacking your public-facing infrastructure.
  • White box testing: the tester has been provided with some information regarding the target network before starting work.
  • Black Box / Blind testing: the tester has been provided with very limited data or none before the test procedure takes place.
  • Double blind testing: the company’s blue team is unaware of the attack and its response capabilities are tested.



  • OWASP (Testing Guide, Risk Rating, Top 10, ASVS)
  • CVSS
  • CWE/SANS TOP 25 Most Dangerous Software Errors
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing Execution Standard (PTES)




Sopra Steria takes the time to understand your business needs and think like a real attacker. This allows us to gain a holistic business overview, as well as a technical point of view. We will first identify the weakest link that may cause a severe impact to the organization, and then escalate to gain privileged access to information or systems. Our services are based on a hybrid approach composed of automated and manual tests. Tests will be conducted in a controlled and safe manner. For successfully exploited vulnerabilities, our penetration testing experts will attempt further actions to increase their presence and gain elevated privileges.