Penetration Testing

Experienced professionals in penetration testing identify weakness in your security environment
- all on the autism spectrum and ready to work on your next project.
A cybersecurity analyst works at his computer

Make informed decisions about your security risks

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or application to find security vulnerabilities that an attacker could exploit. At auticon, our primary objective is to identify weaknesses and vulnerabilities in your organization’s security environment. Our thorough testing includes measuring the effectiveness and reach of the overarching security policy, staff security awareness and organizational response to security incidents.

Black Box

No inside knowledge of code, processes or tools required

Dual perspectives

We test from both internal (malicious user) and / or external (general exposure) origins

Targeted Approach

Client team fully aware, no surprises, minimum disruption, quick feedback

auticon’s standard penetration testing approach addresses most commonly found security challenges and client requirements. We deliver fast results as well as secure and sustainable mitigation strategies.

auticon’s approach is aligned to the Open Web Application Security Project (OWASP)

  • The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software.
  • Their mission is to make application security “visible,” so that people and organizations can make informed decisions about application security risks.
  • Everyone is free to participate in OWASP and all materials are available under a free and open software license.
  • The OWASP Foundation is a not-for-profit charitable organization that ensures the ongoing availability and support for their work.

Web Security Testing Guide (WSTG)

  • The Web Security Testing Guide (WSTG) project is the primary security testing methodology for web application developers and information security professionals.
  • WSTG is a comprehensive guide to testing the security of web applications and web services, developed as a collaborative effort by cybersecurity professionals and volunteers, providing a set of best practices used by pen-testers around the world.
  • auticon is proud to participate in the evolution of these projects, and extend them to leverage our unique capabilities to the benefit of our clients.

“Bondle is a successful growth company, providing a smart and innovative collaboration solution to manage key interactions with important relationships. The suite of features include network interactions, document storage, task management as well as the ability to sign documents digitally. The success of the business relies heavily on a secure application with adequate security protocols.

To ensure such a secure environment, auticon and its team of highly qualified consultants conducted an important security assessment.

We were very pleased and impressed by auticon’s work ethic, attention to detail and professional approach, which gave us the confidence that our protocols, products, and processes are secure and exceed industry standards.”

– Sandeep Rao, Founder, Founders Wellbeing


Key strategies for Penetration Testing

White / Black box:

In white box testing, attackers have full knowledge of the systems architecture, source code, infrastructure and deployment details, simulating an insider, or advanced persistent threat. In black box (also known as “blind”) testing, the attackers know no details of the targeted systems and are thus limited to what an outside attacker would know.

External vs Internal Focus:

External testing focuses on company assets, visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.

Internal testing simulates an attack by a malicious insider and focuses on an application behind its firewall. This is not necessarily a rogue employee, but much more commonly could be an employee whose credentials were stolen due to a phishing attack.

Lights on / off:

In “lights on” or “targeted” testing, IT staff are fully aware of the test and can anticipate and observe an attack in real time. In the “lights out” approach, IT resources are unaware of an attack, which offers unique insight into the clients attack detection capabilities.


In the assessment stage, auticon’s experts bring together everything they have learnt about the client’s business and systems, and their vulnerabilities, in order to:

  • Classify vulnerabilities according to likelihood and specific business impact, reviewing their severity and mitigation priority
  • Study how combining or chaining these vulnerabilities might more seriously compromise  the systems and business functions they support
  • Examine the nature and patterns of vulnerabilities in order to elicit common themes to address through evolutions of practice and tooling

Summary Report

  • At the completion of the engagement, a comprehensive Findings Report will be produced including:
    • Evidence of tests conducted
    • List all vulnerabilities 
    • Results discovered 
    • Recommendations on how to mitigate or eliminate identified vulnerabilities. 
  • The Findings Report will be presented in a walkthrough format to discuss the findings and provide our client the opportunity to ask further questions or raise any feedback.


Autistic Talent

Our teams have extraordinary cognitive abilities that provide exceptional value in the tech space. Logic, speed, precision, sustained concentration, and an ability to intuitively spot errors provide a uniquely autistic perspective on your tech projects. Our technologists are skilled software developers, data scientists, QA analysts, Salesforce administrators, and more.

Targeted Fulfillment

We closely match each technologist to your job requirements, office culture, and the neurodiversity goals of your company. The technologists become fully integrated into your teams, as either consultants or contract-to-hire employees, with the support of auticon Job Coaches and Delivery Managers.

Ensured Success

Our job coaches play a central role in your success, acting as a liaison between you and the autistic technologist. They help communicate timelines, manage expectations, resolve needs, and ensure the ultimate success of your program. Job coaches also support technologists on well-being and educate clients on best practices for working with autistic colleagues.

The auticon advantage

Autistic adults often have extraordinary cognitive abilities, such as logic, pattern recognition, precision, sustained concentration, and an ability to intuitively spot errors, yet many find it difficult to secure or maintain mainstream employment. While autistic strengths are highly individualized, academic research shows advantages emerge:

  • Autistic employees show greater analytical & systemizing skills
  • Innovative & creative intelligence
  • Higher standards & productivity
  • Honesty
Illustration of a job coach at her desk

Job coaches ensure success

auticon’s technologists and clients are supported by our job coaches who ensure that the technologists’ work environments enable them to deliver to their full professional potential. Our talented job coaches promote inclusion and well-being and are integral to making sure our technologists feel supported in their assignments. Most importantly, they provide clients with support and information regarding autism in the workplace and can convey feedback between the client and the technologist.

Our job coaches typically have a background in clinical psychology, performance coaching, managing anxiety disorders, special education, and vocational rehabilitation.

A closer look at how we work

Regeneron logo with the tagline "science to medicine"


Regeneron is a leading biotechnology company based in Tarrytown, New York that invents, develops, and commercializes life-transforming medicines for people with serious diseases.
Daylight Transport Logo

Daylight Transport

Daylight Transport, headquartered in Long Beach, California, is a privately held leader in expedited LTL (Less than Truckload) transportation and logistics.

Health Catalyst

Headquartered in Salt Lake City, Utah, Health Catalyst is a leading provider of data and analytics technology and services to healthcare organizations.

Autism is not a processing error,
it's a different operating system.

Want to know how we can transform your business through neurodiversity?
Skip to content