Penetration Testing Service

Identify real security threats from an attacker's perspective — including hacking, data breaches, and service disruptions — before they happen.

- White-hat hackers attempt infiltration using the same methods as real attackers to detect and verify technical vulnerabilities in your IT assets

- Manual testing uncovers logic flaws and complex vulnerabilities that automated tools often miss

- Provides objective evidence to meet security certification and compliance requirements such as ISMS, CSAP, and ISO27001

- Discovered vulnerabilities are classified by severity with short/mid/long-term improvement roadmaps

Targets

Web Applications

Websites, e-commerce

Admin panels, portals

Mobile Apps

Android / iOS

Hybrid apps

Server / Infrastructure

Linux, Windows

Network devices

Cloud

AWS, Azure, GCP

Container environments

API / Internal Network

REST / GraphQL API

Internal business systems

Social Engineering

Phishing simulations

Insider threat assessment

Testing Standards

International Standards

OWASP TOP 10 (Web/Mobile/API)

CVE / CWE / SANS TOP 25

CERT Secure Coding Standard

PTES (Penetration Testing Execution Standard)

NIST SP 800-115

Korean Standards

Critical Information Infrastructure Vulnerability Assessment

e-Government Web Vulnerability Checklist (21 items)

Electronic Financial Infrastructure Security Vulnerability Criteria

NIS 8 Major Web Security Vulnerabilities

ISMS / CSAP Certification Requirements

Process

1. Pre-engagement Preparation

- Confirm scope and targets

- Agree on schedule and testing method

- Request security device exceptions (WAF, IPS, etc.)

- Sign Non-Disclosure Agreement (NDA)

2. Reconnaissance & Vulnerability Discovery

- Identify attack surface and map target system structure

- Combine automated tools with manual testing

- Analyze penetration paths based on attack scenarios

3. Penetration Testing

- Execute attack scenarios including auth bypass, privilege escalation, and data exfiltration

- Reproduce vulnerabilities and assess impact

- Attempt internal pivoting and lateral movement

4. Result Analysis

- Classify vulnerabilities by severity (Critical / High / Medium / Low)

- Evaluate impact per attack scenario

- Document reproducible Proof of Concept (PoC)

5. Report & Remediation Guidance

- Deliver executive summary + detailed technical report

- Provide remediation guide and code fix recommendations per vulnerability

- Conduct result review meeting with the client team

Expected Benefits

CodeOne's penetration testing service performs technical security assessments on your critical information systems, delivers actionable protection measures against identified threats, and helps reduce the risk of security incidents while elevating your overall security posture.

  • Early detection of high-risk vulnerabilities missed by automated tools through real attacker-perspective testing
  • Obtain evidence for vulnerability assessments required in ISMS, CSAP, and ISO27001 certification audits
  • Minimize incident response costs and brand damage through proactive pre-breach measures
  • Prioritize security investments effectively with severity-based improvement roadmaps
  • Continuously improve security posture and build resilience against emerging threats through regular assessments
  • Support executive decision-making with clear, management-level summary reports