Pentest Lyon: have your IS audited

AlgoSecure, pentest specialist in Lyon

Deeply rooted in Lyon, AlgoSecure is made up of a team of cybersecurity enthusiasts, close to your cybersecurity needs.

Expert in pentesting, our independent consulting firm specialized in information systems security (ISS) is at your disposal to test the security of your information system as well as the software you develop.

We can offer you a wide range of penetration tests: Web Pentest, Internal network penetration tests (Active directory, corporate networks, industrial networks, Unix networks, etc.... ), Red Team Audit: simulations of real cyberattacks based on realistic scenarios, Phishing campaigns, Penetration testing of Cloud networks (Azure, AWS), Penetration testing of mobile applications (iOs, Android), Configuration and architecture audit, Code audit, Compliance audit of your On Premise and Cloud infrastructures.

PASSI-qualified specialists, we carry out pentests combining automated methods and advanced manual analysis. At the end of our assessment, we provide an exhaustive report detailing the identified vulnerabilities, their exploitation, but also detection indices and finally recommendations to remedy them and reinforce your security.


Our strengths

ANSSI PASSI certification logo

Trusted partner of ANSSI.

We are a Information Systems Security Audit Provider (PASSI) for all penetration test scopes.
Pictogram of meticulous work

2 pentesters on each mission

Enables more in-depth analysis and 2 different viewpoints for better investigation.

Planning pictogram

Specific pentests for every need

Web application, mobile application, network, cloud infrastructure...

Pentest report pictogram

A tool for your teams

A test report designed as a tool for improving your security, with remediation recommendations.

impartial advice pictogram

Unbiased testing

Total independence from publishers and manufacturers.

Experts pictogram

Certified experts

In addition to being individually PASSI-qualified, our pentesters maintain a culture of continuous improvement through training and certification.

Why carry out a pentest?

In a world where every employee has a multitude of connected devices - computers, smartphones, tablets and more - data has become both essential and more diffuse. We are living through an unprecedented digital revolution, where information is both our strength and our vulnerability. And, like any precious commodity, it naturally arouses interest.

Ensure that user and corporate data are properly protected from leakage, that employees are made aware of targeted attacks employing social engineering, that the services exposed by the company will not be disrupted by an IT hazard, that your tools and infrastructures meet the standards of your business sector or withstand the investigations carried out by our teams... That's what penetration testing is all about.

Just as the human body needs regular check-ups, regular audits are necessary to assess the security of your information system. Pentests provide a fresh look at your IS, as well as a diagnosis and actions to mitigate certain vulnerabilities. They also enable you to adapt and strengthen your security in an ever-changing cyber and digital ecosystem.

Quality before anything else

AlgoSecure, in its pentest offering in Lyon, makes it a point of honor to perform quality penetration tests. The most standard processes are automated in order to devote more time to human analysis and to put ourselves in the shoes of attackers able to exploit all the scenarios open to them. The expertise of our consultants enables us to find more complex combinations of vulnerabilities, requiring advanced technical skills.

So, by putting human at the heart of our services, we strive to have a pragmatic and relevant approach to penetration testing.

Genuine added value for our customers, we attach great importance to the deliverables you receive at the end of the pentesting service. This report is written by the two pentesters involved in the mission, and then proofread by a third party. It presents in detail the list of identified vulnerabilities/defects, their criticality, the attack scenarios, the detection actions (in the cases concerned) and also the remediation actions to be implemented. In a managerial and technical summary, this report summarizes the results of intrusion tests and the company's level of security, while providing a risk assessment approach.

What level of information do you need for your pentest?

The security of your information system is our priority. So, before any action is taken, clear and precise instructions are essential. Two pieces of information are essential to the success of an intrusion test. The first piece of information is the scope of our intervention: this could be, for example, your main website, your internal network of servers, specific web applications or even physical infrastructures. Once this perimeter has been established, the level of information made available to our pentesters is determined.

  • Black box pentesting

    simulating an external attacker with only the IP address(es) or URL(s) to be audited. This test starts with a passive recognition phase, looking for publicly available information about the target, without interacting directly with it. It continues with a phase of identifying the services exposed by the perimeter, looking for possible vulnerabilities, or possible points of entry.

  • boite-grise
  • Grey box pentesting

    here, our experts have information such as user access. In addition to conventional checks, they verify and test the robustness of the access control used to validate user privileges.

  • boite-blanche
  • White box pentesting

    pentesters have a wealth of information about the application: access and administrative privileges, infrastructure diagrams, even source code. In addition to the vulnerability tests, a source code study and audit is carried out, providing an in-depth search for vulnerabilities.

Each of these tests has its own importance and meets specific needs. Of course, the choice you make depends on the level of risk you wish to assess, your objectives for these penetration tests, your organization and your IS maturity. Once the tests have been carried out, our experts summarize their observations, before providing you with a detailed report, giving you a clear, comprehensive view of the situation and recommendations for dealing with the identified vulnerabilities.

Our methodology

At AlgoSecure, we adhere to the standard PTES approach to guarantee reliable and relevant results. Here's a detailed overview of our audit procedure on a web application as an example:

  1. Perimeter recognition and enumeration

    This first step involves gathering as much information as possible about the application and its input vectors. Thanks to a meticulous analysis, we create a precise mapping of services, their associated versions, and the underlying server architecture.

  2. Identifying and exploiting vulnerabilities

    This phase mobilizes two specialized auditors to maximize the discovery and exploitation of vulnerabilities. Thanks to their complementarity, they can identify a diverse range of faults, pinpoint the conditions under which these faults are exploited and, above all, anticipate the side-effects caused by the possible exploitation of vulnerabilities.

  3. Discussions on the main results

    After the audit, a dialogue is established between you and our experts. The goal is to provide you with an overview of the risks identified, assessing the severity of vulnerabilities, the ability required to exploit them, and the complexity of potential attack vectors.

  4. Report writing and dispatch

    The findings made during the pentest are consolidated in a detailed report. For each vulnerability identified, we specify its criticality (using the ANSSI scale) and propose corrective solutions, while assessing how easy they are to implement.

  5. Restitution of results

    Restitution is a key phase, during which we deliver our conclusions, both managerial and technical. We make sure you have everything you need to act quickly and efficiently. What's more, our experts remain available to answer your questions and guide you through the implementation of recommendations, if required.

Who are we ?

Founded in Lyon over 15 years ago, AlgoSecure has established itself as an independent reference in cybersecurity in France.

Our mission?
To support both private companies and public bodies in enhancing the security of their information systems, with a range of actions extending from auditing to protection, training and awareness-raising, not forgetting incident response.

As proof of our expertise, the PASSI qualification and the Expert Cyber label bear witness to our technical excellence, which is part of our DNA.
We nurture this excellence on a daily basis, through feedback, advanced training and strategic intelligence, all aimed at ensuring optimum security for your IS. You can rest assured that everything we do, from penetration testing to support services (excluding partner training), is carried out in-house by our dedicated experts.

ANSSI PASSI certification logo

Our values

AlgoSecure is first and foremost a company with a mission. In fact, we've made sure to enshrine our raison d'être and our social and environmental objectives in our articles of association.

What's more, we set ourselves ambitious goals, overseen by a dedicated mission committee and evaluated by third-party bodies to guarantee their implementation and relevance. Innovation is also rooted in our DNA, illustrated by the development of OpenSource tools, the funding of CIFRE theses or our « Thinking Days » - 10 days a year for each employee devoted to training and the development of innovative projects. By joining us, our employees become part of a team that values expertise, integrity, professionalism and passion.

And with 15% of profits donated to employees and 1% dedicated to open source projects, we are strongly reaffirming our commitment to our employees and the community.

Lyon: a rich economic fabric to protect

Lyon, France's second-largest economic hub, is home to more than 140,000 companies generating some 16,000 new jobs every year in the healthcare, chemicals, energy, manufacturing and eCommerce sectors. This economic dynamism, particularly in the healthcare and life sciences sector which accounts for 72,500 jobs (12% of regional employment), makes the region particularly exposed to cyber risks. In this context, the need to strengthen cybersecurity in Lyon is more relevant than ever.

We play a major role in cybersecurity in the Auvergne-Rhône-Alpes region, and more specifically in Lyon. We work closely with institutions such as ANSSI, both regionally and nationally. We are also active in the IT ecosystem, through associations and clubs such as CLUSIR, Digital League and Minalogic.

AlgoSecure has been a cybersecurity player in Lyon for 15 years.

Contact form

For more information, please fill in the form. One of our sales representatives will contact you to discuss your needs in more detail.

You've enabled "Do Not Track" in your browser, we respect that choice and don't track your visit on our website.