{"id":3235,"date":"2026-07-08T22:22:46","date_gmt":"2026-07-08T22:22:46","guid":{"rendered":"https:\/\/mscyber.tech\/?p=3235"},"modified":"2026-07-09T01:56:42","modified_gmt":"2026-07-09T01:56:42","slug":"o-que-e-um-pentest","status":"publish","type":"post","link":"https:\/\/mscyber.tech\/pt\/o-que-e-um-pentest\/","title":{"rendered":"O que \u00e9 um Pentest? Um Guia Completo para Empresas"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"3235\" class=\"elementor elementor-3235\" data-elementor-settings=\"{&quot;ha_cmc_init_switcher&quot;:&quot;no&quot;}\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7b90f3a e-flex e-con-boxed e-con e-parent\" data-id=\"7b90f3a\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2603d8a elementor-widget elementor-widget-text-editor\" data-id=\"2603d8a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Um pentest (teste de invas\u00e3o) \u00e9 uma pr\u00e1tica de seguran\u00e7a ofensiva na qual especialistas simulam ataques reais contra os sistemas, redes ou aplica\u00e7\u00f5es de uma organiza\u00e7\u00e3o para encontrar vulnerabilidades antes que criminosos possam explor\u00e1-las. A pr\u00e1tica segue metodologias reconhecidas como PTES, OWASP e NIST SP 800-115, e \u00e9 exigida ou recomendada por normas como ISO 27001, PCI-DSS e, no contexto brasileiro, a LGPD. Empresas de m\u00e9dio e grande porte realizam pentests periodicamente e ap\u00f3s qualquer mudan\u00e7a significativa em sua infraestrutura.<\/p><p>Este guia explica o que \u00e9 um pentest, como ele funciona na pr\u00e1tica, os tipos, quanto custa, o que diferencia um relat\u00f3rio forte de um gen\u00e9rico e quando sua empresa deve realizar um. Ele \u00e9 a base para qualquer tomador de decis\u00e3o que precise justificar, comprar ou avaliar um teste de penetra\u00e7\u00e3o.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a89b72 elementor-widget elementor-widget-heading\" data-id=\"4a89b72\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">O que \u00e9 um pentest e por que ele existe<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac17974 elementor-widget elementor-widget-text-editor\" data-id=\"ac17974\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Um pentest \u00e9 um ataque simulado e autorizado, realizado por profissionais que utilizam as mesmas t\u00e9cnicas de um advers\u00e1rio real, com o objetivo de medir o risco concreto de uma organiza\u00e7\u00e3o. A diferen\u00e7a entre um pentest e um ataque real \u00e9 apenas uma: a inten\u00e7\u00e3o. O pentester encontra a falha, prova que ela \u00e9 explor\u00e1vel e entrega o caminho para corrigi-la, em vez de causar danos.<\/p><p>A raz\u00e3o de sua exist\u00eancia \u00e9 simples. A maioria das ferramentas de seguran\u00e7a avalia o risco em teoria. Um scanner de vulnerabilidades sinaliza que uma porta est\u00e1 aberta ou que uma vers\u00e3o de software est\u00e1 desatualizada. Um pentest responde \u00e0 pergunta que o conselho realmente quer responder: um invasor pode realmente entrar, se mover pela rede e alcan\u00e7ar os dados cr\u00edticos? Essa distin\u00e7\u00e3o entre risco te\u00f3rico e risco explor\u00e1vel \u00e9 o valor central do teste.<\/p><p>De acordo com o relat\u00f3rio IBM Cost of a Data Breach 2024, o custo m\u00e9dio global de uma viola\u00e7\u00e3o de dados atingiu 4,88 milh\u00f5es de d\u00f3lares, o valor mais alto j\u00e1 registrado. O Verizon DBIR demonstra consistentemente que a maioria das viola\u00e7\u00f5es envolve a explora\u00e7\u00e3o de vulnerabilidades conhecidas e o fator humano. Um pentest ataca exatamente esses dois pontos: encontra a falha explor\u00e1vel e testa como a organiza\u00e7\u00e3o responde.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-73975a2 elementor-widget elementor-widget-heading\" data-id=\"73975a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Como um pentest funciona na pr\u00e1tica<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b55ca5d elementor-widget elementor-widget-text-editor\" data-id=\"b55ca5d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Um pentest funciona em fases sequenciais que reproduzem o comportamento de um atacante real, desde o reconhecimento inicial at\u00e9 a documenta\u00e7\u00e3o do impacto. Metodologias como PTES (Penetration Testing Execution Standard) e NIST SP 800-115 formalizam essas fases para garantir consist\u00eancia e cobertura.<\/p><p>As fases essenciais s\u00e3o:<\/p><ol><li><strong>Planejamento e escopo.<\/strong> Define o que ser\u00e1 testado (alvos, sistemas, aplica\u00e7\u00f5es), o n\u00edvel de acesso concedido e as regras de engajamento. Este \u00e9 o passo que previne ru\u00eddo operacional e estabelece responsabilidade legal.<\/li><li>Coleta de informa\u00e7\u00f5es sobre o alvo, desde fontes p\u00fablicas at\u00e9 mapeamento de infraestrutura exposta. Isso espelha o que um atacante faria antes de agir.<\/li><li><strong>Enumera\u00e7\u00e3o e an\u00e1lise de vulnerabilidades.<\/strong> Identifica\u00e7\u00e3o de servi\u00e7os, vers\u00f5es, configura\u00e7\u00f5es e poss\u00edveis falhas. \u00c9 aqui que as t\u00e9cnicas manuais se combinam com ferramentas, pois um scanner sozinho n\u00e3o encontra falhas de l\u00f3gica de neg\u00f3cio.<\/li><li>O passo que separa um pentest de um scan. O especialista tenta explorar as falhas encontradas para provar que elas s\u00e3o reais e para medir o impacto.<\/li><li><strong>P\u00f3s-explora\u00e7\u00e3o e movimento lateral.<\/strong> Uma vez dentro, o pentester avalia at\u00e9 onde pode ir: escalando privil\u00e9gios, alcan\u00e7ando outros sistemas, chegando aos dados cr\u00edticos. \u00c9 isso que demonstra o risco real de um comprometimento.<\/li><li><strong>Documenta\u00e7\u00e3o e relat\u00f3rios.<\/strong> Um registro de todas as descobertas, com evid\u00eancias, classifica\u00e7\u00e3o de severidade e uma recomenda\u00e7\u00e3o de remedia\u00e7\u00e3o priorizada.<\/li><\/ol><p>\u00a0<\/p><p>A profundidade de cada fase depende do modelo de teste, detalhado adiante em caixa preta, caixa cinza e caixa branca.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6ce82d elementor-widget elementor-widget-heading\" data-id=\"a6ce82d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Pentest, varredura de vulnerabilidades e Red Team: as diferen\u00e7as<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e6fbf81 elementor-widget elementor-widget-text-editor\" data-id=\"e6fbf81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Confundir esses tr\u00eas conceitos \u00e9 o erro mais comum entre compradores de seguran\u00e7a ofensiva pela primeira vez. Eles resolvem problemas diferentes e n\u00e3o se substituem.<\/p><p>A <strong>escaneamento de vulnerabilidades<\/strong> \u00e9 automatizado e sinaliza falhas potenciais em escala, sem provar que s\u00e3o explor\u00e1veis. A <strong>teste de penetra\u00e7\u00e3o<\/strong> \u00e9 executado por humanos, valida quais falhas s\u00e3o realmente explor\u00e1veis e mede o impacto de um comprometimento dentro de um escopo e prazo definidos. A <strong>Equipe vermelha<\/strong> o exerc\u00edcio vai al\u00e9m: simula um advers\u00e1rio real e persistente, sem escopo restrito e sem avisar a equipe de defesa, a fim de testar n\u00e3o apenas a tecnologia, mas tamb\u00e9m as pessoas e os processos de detec\u00e7\u00e3o e resposta da organiza\u00e7\u00e3o.<\/p><p>A regra pr\u00e1tica: um scan \u00e9 para higiene cont\u00ednua, um pentest \u00e9 para validar riscos em pontos espec\u00edficos, e um Red Team \u00e9 para medir a maturidade de detec\u00e7\u00e3o de uma organiza\u00e7\u00e3o que j\u00e1 \u00e9 madura. A maioria das empresas come\u00e7a com um pentest e evolui para Red Team assim que seu SOC e controles est\u00e3o estabelecidos.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9941573 elementor-widget elementor-widget-heading\" data-id=\"9941573\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Tipos de pentest<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6bda419 elementor-widget elementor-widget-text-editor\" data-id=\"6bda419\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Os tipos de pentest variam de acordo com o alvo que est\u00e1 sendo testado e o n\u00edvel de conhecimento pr\u00e9vio concedido ao especialista. Escolher o tipo certo \u00e9 o que garante que o teste responda \u00e0 pergunta de risco que importa para a organiza\u00e7\u00e3o.<\/p><p>Por n\u00edvel de acesso:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-58c0dd4 ha-comparison-alignment-left elementor-widget elementor-widget-ha-comparison-table happy-addon ha-comparison-table\" data-id=\"58c0dd4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ha-comparison-table.default\">\n\t\t\t\t\t\n\t\t<div class=\"ha-comparison-table-wrapper\">\n\t\t\t<div class=\"ha-comparison-table__head\" data-sticky-header=\"no\">\n\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-item elementor-repeater-item-f207115 icon-left\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-title\">\n\t\t\t\t\t\t\t<h6 class=\"ha-comparison-table__head-column-cell-title-tag\">Modelo<\/h6>\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-item elementor-repeater-item-b620c01 icon-left\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-title\">\n\t\t\t\t\t\t\t<h6 class=\"ha-comparison-table__head-column-cell-title-tag\">Conhecimento Pr\u00e9vio<\/h6>\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-item elementor-repeater-item-6eefc77 icon-left\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-title\">\n\t\t\t\t\t\t\t<h6 class=\"ha-comparison-table__head-column-cell-title-tag\">Simula\u00e7\u00f5es<\/h6>\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-item elementor-repeater-item-ea1ba62 icon-left\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-title\">\n\t\t\t\t\t\t\t<h6 class=\"ha-comparison-table__head-column-cell-title-tag\">Quando usar<\/h6>\t\t\t\t\t\t\t<div class=\"ha-comparison-table__head-column-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<!--  -->\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"ha-comparison-table__row\">\n\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-0ac2b0c elementor-repeater-item-f207115-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tCaixa Preta\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-c913ba6 elementor-repeater-item-b620c01-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tNenhum\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-57e38b6 elementor-repeater-item-6eefc77-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tAtacante externo sem informa\u00e7\u00e3o\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-09e54e5 elementor-repeater-item-ea1ba62-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tTeste de exposi\u00e7\u00e3o real visto de fora\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-825e8a2 elementor-repeater-item-f207115-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tCaixa Cinza\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-b6f2c93 elementor-repeater-item-b620c01-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tParcial (uma credencial de usu\u00e1rio padr\u00e3o)\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-a4b303e elementor-repeater-item-6eefc77-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tInsider ou um atacante que j\u00e1 tem acesso\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-e52437b elementor-repeater-item-ea1ba62-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tMelhor custo-benef\u00edcio e cobertura\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-0c60a64 elementor-repeater-item-f207115-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tCaixa branca\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-c9ee624 elementor-repeater-item-b620c01-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tCompleto (c\u00f3digo, arquitetura, credenciais)\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-7a22c21 elementor-repeater-item-6eefc77-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tAn\u00e1lise profunda com acesso completo\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell elementor-repeater-item-bbd022f elementor-repeater-item-ea1ba62-sub\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-title\">\n\t\t\t\t\t\t\t\tAplica\u00e7\u00f5es cr\u00edticas e revis\u00e3o de c\u00f3digo\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"ha-comparison-table__row-item-cell-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"ha-comparison-table__btns\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-74f2c2f elementor-widget elementor-widget-text-editor\" data-id=\"74f2c2f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Por alvo:<\/p><ul><li><strong>Pentest externo<\/strong> avalia o per\u00edmetro exposto \u00e0 internet (sites, VPN, servidores p\u00fablicos, e-mail).<\/li><li><strong>Pentest interno:<\/strong> simula uma amea\u00e7a j\u00e1 dentro da rede, seja um invasor interno ou um atacante que rompeu o per\u00edmetro.<\/li><li><strong>Pentest de aplica\u00e7\u00e3o web:<\/strong> foca em falhas de aplica\u00e7\u00e3o, guiado pelo OWASP Top 10 (inje\u00e7\u00e3o, autentica\u00e7\u00e3o quebrada, exposi\u00e7\u00e3o de dados).<\/li><li><strong>Teste de penetra\u00e7\u00e3o mobile e API:<\/strong> avalia aplicativos e as interfaces que os alimentam.<\/li><li><strong>Engenharia social:<\/strong> testa o fator humano com phishing e pretexting controlados.<\/li><\/ul><p>\u00a0<\/p><p><strong>Pentest de infraestrutura em nuvem<\/strong> avalia configura\u00e7\u00f5es da AWS, Azure ou GCP, onde a m\u00e1 configura\u00e7\u00e3o \u00e9 a principal causa de exposi\u00e7\u00e3o.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9abb259 elementor-widget elementor-widget-heading\" data-id=\"9abb259\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Metodologias de pentest reconhecidas<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-881f084 elementor-widget elementor-widget-text-editor\" data-id=\"881f084\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Um pentest s\u00e9rio \u00e9 executado com metodologia formal, n\u00e3o com a improvisa\u00e7\u00e3o de quem o executa. A metodologia garante cobertura, repetibilidade e compara\u00e7\u00e3o entre testes ao longo do tempo. As principais refer\u00eancias:<\/p><ul><li><strong>PTES (Padr\u00e3o de Execu\u00e7\u00e3o de Teste de Penetra\u00e7\u00e3o):<\/strong> define as sete fases padr\u00e3o de um teste, desde o pr\u00e9-engajamento at\u00e9 o relat\u00f3rio.<\/li><li><strong>OWASP Testing Guide e OWASP Top 10:<\/strong> a refer\u00eancia para testes de aplicativos web e a lista das falhas mais cr\u00edticas.<\/li><li><strong>NIST SP 800-115:<\/strong> o Guia T\u00e9cnico do NIST para Avalia\u00e7\u00e3o de Seguran\u00e7a da Informa\u00e7\u00e3o.<\/li><li><strong>OSSTMM:<\/strong> uma metodologia de testes de seguran\u00e7a manual orientada a m\u00e9tricas.<\/li><li><strong>MITRE ATT&amp;CK:<\/strong> uma base de conhecimento de t\u00e1ticas e t\u00e9cnicas de advers\u00e1rios reais, usada para mapear e simular o comportamento de amea\u00e7as.<\/li><\/ul><p>\u00a0<\/p><p>Usando estas metodologias, al\u00e9m de elevar a qualidade t\u00e9cnica, \u00e9 o que torna o relat\u00f3rio defens\u00e1vel perante auditores e reguladores.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b011cf elementor-widget elementor-widget-heading\" data-id=\"5b011cf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Quanto custa um pentest<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3efeee elementor-widget elementor-widget-text-editor\" data-id=\"b3efeee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>O custo de um pentest varia de acordo com o escopo, a complexidade e a profundidade, e no mercado brasileiro geralmente \u00e9 precificado por projeto ou por dia de trabalho especializado. N\u00e3o existe uma tabela de pre\u00e7os pois testar um \u00fanico site corporativo e testar toda uma infraestrutura financeira s\u00e3o trabalhos de ordens de magnitude diferentes.<\/p><p>Os principais fatores que influenciam o pre\u00e7o:<\/p><ol><li><strong>Tamanho do escopo:<\/strong> o n\u00famero de IPs, aplicativos, endpoints e ambientes para testar.<\/li><li><strong>Teste do modelo:<\/strong> caixa preta, caixa cinza ou caixa branca (caixa branca geralmente exige mais horas).<\/li><li><strong>Complexidade t\u00e9cnica:<\/strong> aplicativos personalizados, arquitetura em nuvem e sistemas legados aumentam o esfor\u00e7o.<\/li><li><strong>Senioridade da equipe:<\/strong> profissionais com certifica\u00e7\u00f5es como OSCP entregam uma profundidade que nenhuma ferramenta substitui, e isso se reflete no pre\u00e7o.<\/li><li><strong>Requisito de conformidade:<\/strong> testes voltados para PCI-DSS ou ISO 27001 exigem rigor adicional na documenta\u00e7\u00e3o.<\/li><\/ol><p>O erro cl\u00e1ssico na compra \u00e9 escolher pelo menor pre\u00e7o. Um teste barato geralmente \u00e9 uma varredura automatizada disfar\u00e7ada de pentest, que entrega uma lista de falsos positivos e nenhuma prova de explora\u00e7\u00e3o. O crit\u00e9rio de decis\u00e3o correto \u00e9 a profundidade da metodologia e a qualidade do relat\u00f3rio, n\u00e3o o pre\u00e7o isoladamente.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-840a07f elementor-widget elementor-widget-heading\" data-id=\"840a07f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Testes de penetra\u00e7\u00e3o e conformidade: LGPD, ISO 27001 e PCI-DSS<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-155465b elementor-widget elementor-widget-text-editor\" data-id=\"155465b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Um pentest \u00e9 um controle reconhecido por m\u00faltiplos padr\u00f5es de seguran\u00e7a e prote\u00e7\u00e3o de dados, servindo como evid\u00eancia objetiva de que a organiza\u00e7\u00e3o avalia ativamente seus riscos. Embora nem todo padr\u00e3o use a palavra \u201cpentest\u201d literalmente, todos eles exigem a verifica\u00e7\u00e3o regular de vulnerabilidades.<\/p><ul><li><strong>LGPD (Lei 13.709\/2018, Brasil):<\/strong> requer medidas de seguran\u00e7a t\u00e9cnicas e administrativas para proteger dados pessoais. Um pentest \u00e9 uma das maneiras mais diretas de demonstrar essa dilig\u00eancia \u00e0 ANPD, especialmente ap\u00f3s um incidente.<\/li><li><strong>ISO\/IEC 27001:2022:<\/strong> aborda o gerenciamento cont\u00ednuo de vulnerabilidades t\u00e9cnicas e a avalia\u00e7\u00e3o cont\u00ednua de controles, e um pentest \u00e9 a pr\u00e1tica usual para atender a esses requisitos.<\/li><li><strong>PCI-DSS v4.0:<\/strong> para qualquer pessoa que processe dados de titulares de cart\u00e3o, o teste de penetra\u00e7\u00e3o \u00e9 obrigat\u00f3rio, com frequ\u00eancia definida e um novo teste ap\u00f3s altera\u00e7\u00f5es significativas.<\/li><li><strong>Resolu\u00e7\u00e3o do BACEN 4.658 (Brasil):<\/strong> para institui\u00e7\u00f5es financeiras, refor\u00e7a a exig\u00eancia de testes e avalia\u00e7\u00f5es de seguran\u00e7a.<\/li><\/ul><p>\u00a0<\/p><p>Em resumo, um pentest n\u00e3o \u00e9 mais apenas uma boa pr\u00e1tica t\u00e9cnica. Tornou-se um item de conformidade e uma defesa legal.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-550c0b5 elementor-widget elementor-widget-heading\" data-id=\"550c0b5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Com que frequ\u00eancia executar um pentest<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2642753 elementor-widget elementor-widget-text-editor\" data-id=\"2642753\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>A recomenda\u00e7\u00e3o do mercado \u00e9 realizar um pentest pelo menos uma vez por ano, e sempre ap\u00f3s mudan\u00e7as significativas na infraestrutura, em aplica\u00e7\u00f5es cr\u00edticas ou na arquitetura de rede. A frequ\u00eancia anual \u00e9 o piso, n\u00e3o o teto.<\/p><p>Gatilhos que justificam um novo teste independentemente do calend\u00e1rio: lan\u00e7amento ou atualiza\u00e7\u00e3o pesada de um aplicativo, migra\u00e7\u00e3o para a nuvem, uma fus\u00e3o ou aquisi\u00e7\u00e3o, um requisito de um novo contrato ou auditoria e a resposta a um incidente. Ambientes de alta criticidade, como o setor financeiro, tendem a adotar uma cad\u00eancia semestral ou trimestral para seus ativos mais expostos.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-239343f elementor-widget elementor-widget-heading\" data-id=\"239343f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Como o Mercurius executa um teste de penetra\u00e7\u00e3o<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-10292ad elementor-widget elementor-widget-text-editor\" data-id=\"10292ad\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>A Mercurius aborda o pentesting com uma mentalidade verdadeiramente ofensiva, executada por engenheiros certificados (OSCP, OSWE, entre outras credenciais) que pensam como o atacante para proteger como um estrategista. O diferencial n\u00e3o \u00e9 rodar uma ferramenta. \u00c9 comprovar o risco explor\u00e1vel, mapear o caminho que um advers\u00e1rio percorreria e traduzir a descoberta t\u00e9cnica em uma decis\u00e3o de neg\u00f3cios para a diretoria.<\/p><p>Todo projeto segue metodologias reconhecidas (PTES, OWASP, NIST SP 800-115) e \u00e9 mapeado para o MITRE ATT&amp;CK, com um relat\u00f3rio que prioriza a remedia\u00e7\u00e3o por impacto real, n\u00e3o pela severidade gen\u00e9rica de um scanner.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ebbb07c elementor-widget elementor-widget-heading\" data-id=\"ebbb07c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Perguntas frequentes sobre pentest<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f30ded2 elementor-widget elementor-widget-text-editor\" data-id=\"f30ded2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><strong>Qual \u00e9 a diferen\u00e7a entre um pentest e uma avalia\u00e7\u00e3o de vulnerabilidades?<\/strong> Uma avalia\u00e7\u00e3o de vulnerabilidade \u00e9 automatizada e lista falhas potenciais em escala, sem provar que s\u00e3o explor\u00e1veis. Um pentest \u00e9 executado por especialistas que exploram as falhas para provar que s\u00e3o reais e para medir o impacto de um comprometimento. Um aponta para risco te\u00f3rico, o outro valida o risco explor\u00e1vel.<\/p><p><strong>Um pentest \u00e9 exigido por lei?<\/strong> Leis de prote\u00e7\u00e3o de dados como a LGPD no Brasil n\u00e3o usam a palavra pentest literalmente, mas exigem medidas de seguran\u00e7a t\u00e9cnica adequadas para proteger dados pessoais, e um pentest \u00e9 uma das formas mais aceitas de demonstrar essa dilig\u00eancia. Para empresas que processam dados de titulares de cart\u00e3o, o PCI-DSS torna o teste explicitamente obrigat\u00f3rio.<\/p><p><strong>Quanto tempo leva um pentest?<\/strong> Depende do escopo. Um teste focado em uma \u00fanica aplica\u00e7\u00e3o geralmente leva de uma a duas semanas. Um projeto que abrange infraestrutura externa e interna, al\u00e9m de aplica\u00e7\u00f5es, pode se estender por v\u00e1rias semanas, incluindo documenta\u00e7\u00e3o e o reteste de corre\u00e7\u00f5es.<\/p><p><strong>O que um bom relat\u00f3rio de pentest deve conter?<\/strong> Um relat\u00f3rio s\u00e9rio inclui um resumo executivo em linguagem de neg\u00f3cios, a lista de achados com prova de explora\u00e7\u00e3o, a classifica\u00e7\u00e3o de gravidade e impacto real, uma recomenda\u00e7\u00e3o de remedia\u00e7\u00e3o priorizada e, idealmente, um mapeamento para o MITRE ATT&amp;CK. Um relat\u00f3rio que apenas entrega uma lista de sa\u00edda de scanner n\u00e3o \u00e9 um pentest.<\/p><p><strong>Um pentest pode derrubar seus sistemas?<\/strong> Um pentest profissional \u00e9 executado com regras de engajamento acordadas que minimizam o risco operacional. T\u00e9cnicas de alto impacto s\u00e3o executadas apenas com autoriza\u00e7\u00e3o expl\u00edcita e, quando necess\u00e1rio, em um ambiente controlado ou fora do hor\u00e1rio de pico. A discuss\u00e3o de escopo na fase de planejamento existe justamente para isso.<\/p><p><strong>Qual \u00e9 a diferen\u00e7a entre um pentest e uma Red Team?<\/strong> Um pentest tem um escopo e prazo definidos e foca em encontrar e provar vulnerabilidades em alvos espec\u00edficos. Uma Red Team simula um advers\u00e1rio real e persistente, sem um escopo restrito e sem avisar a equipe de defesa, para tamb\u00e9m testar a capacidade de detec\u00e7\u00e3o e resposta da organiza\u00e7\u00e3o. Red Team \u00e9 o pr\u00f3ximo passo para empresas com controles j\u00e1 maduros.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-acaa09f e-flex e-con-boxed e-con e-parent\" data-id=\"acaa09f\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-92175f7 elementor-widget elementor-widget-heading\" data-id=\"92175f7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Veja sua rede como um atacante faria \u2014 antes que ele o fa\u00e7a!<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c77b28f elementor-widget elementor-widget-text-editor\" data-id=\"c77b28f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>A Mercurius realiza testes de Red Team com lideran\u00e7a manual, testes de penetra\u00e7\u00e3o e avalia\u00e7\u00f5es de nuvem que n\u00e3o apenas listam vulnerabilidades, mas provam o caminho exato que um advers\u00e1rio seguiria para chegar aos seus ativos mais valiosos e como fech\u00e1-lo.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f681bf5 elementor-widget elementor-widget-html\" data-id=\"f681bf5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<!-- ===========================================================\r\n     MERCURIUS \u2014 Attack Path Widget (standalone \/ Elementor-ready)\r\n     Paste this whole block into an Elementor \"HTML\" widget.\r\n     All CSS is scoped under .ms-apath-wrap to avoid theme conflicts.\r\n     The trace animation runs on the published page (it may not\r\n     preview inside the Elementor editor).\r\n     =========================================================== -->\r\n<div class=\"ms-apath-wrap\">\r\n  <div class=\"ms-apath-card\">\r\n    <div class=\"ms-apath-head\">\r\n      <span class=\"ms-apath-title\">Caminho de Ataque \u2192 Joias da Coroa<\/span>\r\n      <span class=\"ms-apath-tag\">TIME VERMELHO<\/span>\r\n    <\/div>\r\n\r\n    <svg class=\"ms-apath-svg\" viewbox=\"0 0 540 320\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" role=\"img\"\r\n         aria-label=\"Caminho de ataque ilustrativo: Reconhecimento Externo at\u00e9 Joias da Coroa\">\r\n      <!-- connecting path -->\r\n      <path class=\"ms-apath-line\" d=\"M64 44 C 116 44, 116 104, 158 104 S 210 166, 256 166 S 314 228, 346 228 S 402 290, 430 290\"\/>\r\n\r\n      <!-- node 1 -->\r\n      <g class=\"ms-apath-node ms-apath-n1\">\r\n        <circle class=\"ms-apath-ring\" cx=\"64\" cy=\"44\" r=\"9.5\"\/>\r\n        <circle class=\"ms-apath-core\" cx=\"64\" cy=\"44\" r=\"3.5\"\/>\r\n        <text class=\"ms-apath-lbl\" x=\"86\" y=\"41\">Reconhecimento Externo<\/text>\r\n        <text class=\"ms-apath-sub\" x=\"86\" y=\"55\">TA0043 \u00b7 Ativo exposto<\/text>\r\n      <\/g>\r\n      <!-- node 2 -->\r\n      <g class=\"ms-apath-node ms-apath-n2\">\r\n        <circle class=\"ms-apath-ring\" cx=\"158\" cy=\"104\" r=\"9.5\"\/>\r\n        <circle class=\"ms-apath-core\" cx=\"158\" cy=\"104\" r=\"3.5\"\/>\r\n        <text class=\"ms-apath-lbl\" x=\"180\" y=\"101\">Acesso Inicial<\/text>\r\n        <text class=\"ms-apath-sub\" x=\"180\" y=\"115\">TA0001 \u00b7 Explora\u00e7\u00e3o da Web<\/text>\r\n      <\/g>\r\n      <!-- node 3 -->\r\n      <g class=\"ms-apath-node ms-apath-n3\">\r\n        <circle class=\"ms-apath-ring\" cx=\"256\" cy=\"166\" r=\"9.5\"\/>\r\n        <circle class=\"ms-apath-core\" cx=\"256\" cy=\"166\" r=\"3.5\"\/>\r\n        <text class=\"ms-apath-lbl\" x=\"278\" y=\"163\">Escalonamento Priv.<\/text>\r\n        <text class=\"ms-apath-sub\" x=\"278\" y=\"177\">TA0004 \u00b7 configura\u00e7\u00e3o incorreta<\/text>\r\n      <\/g>\r\n      <!-- node 4 -->\r\n      <g class=\"ms-apath-node ms-apath-n4\">\r\n        <circle class=\"ms-apath-ring\" cx=\"346\" cy=\"228\" r=\"9.5\"\/>\r\n        <circle class=\"ms-apath-core\" cx=\"346\" cy=\"228\" r=\"3.5\"\/>\r\n        <text class=\"ms-apath-lbl\" x=\"368\" y=\"225\">Movimento lateral<\/text>\r\n        <text class=\"ms-apath-sub\" x=\"368\" y=\"239\">TA0008 \u00b7 reutiliza\u00e7\u00e3o de cr\u00e9ditos<\/text>\r\n      <\/g>\r\n      <!-- node 5 (objective) -->\r\n      <g class=\"ms-apath-node ms-apath-n5 ms-apath-final\">\r\n        <circle class=\"ms-apath-pulse\" cx=\"430\" cy=\"290\" r=\"14\"\/>\r\n        <circle class=\"ms-apath-ring\" cx=\"430\" cy=\"290\" r=\"11\"\/>\r\n        <circle class=\"ms-apath-core ms-apath-core-obj\" cx=\"430\" cy=\"290\" r=\"4\"\/>\r\n        <text class=\"ms-apath-lbl ms-apath-lbl-obj\" x=\"346\" y=\"294\">Joias da Coroa<\/text>\r\n      <\/g>\r\n    <\/svg>\r\n\r\n    <div class=\"ms-apath-foot\">\r\n      <span>5 passos \u00b7 0 alertas acionados<\/span>\r\n      <span class=\"ms-apath-obj\">\u25cf objetivo alcan\u00e7ado<\/span>\r\n    <\/div>\r\n  <\/div>\r\n<\/div>\r\n\r\n<style>\r\n  .ms-apath-wrap{\r\n    --ms-ink:#161614; --ms-cyan:#5CDAF5; --ms-orange:#FF9A3A;\r\n    --ms-line:rgba(255,255,255,.09); --ms-line2:rgba(255,255,255,.14);\r\n    --ms-mono:'JetBrains Mono',ui-monospace,'SFMono-Regular',Menlo,Consolas,monospace;\r\n    width:100%; max-width:540px; margin:0 auto; box-sizing:border-box;\r\n  }\r\n  .ms-apath-wrap *{box-sizing:border-box}\r\n  .ms-apath-card{\r\n    background:linear-gradient(165deg,#16161d,#101015);\r\n    border:1px solid var(--ms-line2); border-radius:16px;\r\n    padding:22px 22px 18px; box-shadow:0 30px 70px rgba(0,0,0,.5);\r\n  }\r\n  .ms-apath-head{display:flex;align-items:center;justify-content:space-between;margin-bottom:4px}\r\n  .ms-apath-title{font-family:var(--ms-mono);font-size:12px;letter-spacing:.12em;text-transform:uppercase;color:#cfd2da}\r\n  .ms-apath-tag{font-family:var(--ms-mono);font-size:11px;color:var(--ms-orange);\r\n    border:1px solid rgba(255,154,58,.4);border-radius:5px;padding:3px 8px}\r\n  .ms-apath-svg{width:100%;height:auto;display:block;overflow:visible}\r\n\r\n  .ms-apath-lbl{font-family:var(--ms-mono);font-size:11px;fill:#d6d8e0}\r\n  .ms-apath-sub{font-family:var(--ms-mono);font-size:9px;fill:#8a8e98;letter-spacing:.02em}\r\n  .ms-apath-lbl-obj{fill:var(--ms-orange)}\r\n  .ms-apath-ring{fill:#13131a;stroke:var(--ms-cyan);stroke-width:2}\r\n  .ms-apath-core{fill:var(--ms-cyan)}\r\n  .ms-apath-core-obj{fill:var(--ms-orange)}\r\n  .ms-apath-final .ms-apath-ring{stroke:var(--ms-orange)}\r\n\r\n  \/* static by default; animation classes added when in view *\/\r\n  .ms-apath-line{fill:none;stroke:var(--ms-cyan);stroke-width:2;stroke-linecap:round}\r\n  .ms-apath-node{transform-box:fill-box;transform-origin:center}\r\n\r\n  .ms-apath-wrap.ms-go .ms-apath-line{\r\n    stroke-dasharray:560;stroke-dashoffset:560;\r\n    animation:ms-apath-trace 3.4s ease-in-out .2s forwards;\r\n  }\r\n  .ms-apath-wrap.ms-go .ms-apath-node{opacity:0;animation:ms-apath-pop .5s ease forwards}\r\n  .ms-apath-wrap.ms-go .ms-apath-n1{animation-delay:.3s}\r\n  .ms-apath-wrap.ms-go .ms-apath-n2{animation-delay:.95s}\r\n  .ms-apath-wrap.ms-go .ms-apath-n3{animation-delay:1.6s}\r\n  .ms-apath-wrap.ms-go .ms-apath-n4{animation-delay:2.25s}\r\n  .ms-apath-wrap.ms-go .ms-apath-n5{animation-delay:2.9s}\r\n  .ms-apath-wrap.ms-go .ms-apath-pulse{\r\n    fill:none;stroke:var(--ms-orange);stroke-width:2;\r\n    animation:ms-apath-ping 2s ease-out 3s infinite;\r\n  }\r\n  .ms-apath-pulse{fill:none;stroke:none}\r\n\r\n  @keyframes ms-apath-trace{to{stroke-dashoffset:0}}\r\n  @keyframes ms-apath-pop{from{opacity:0;transform:scale(.6)}to{opacity:1;transform:scale(1)}}\r\n  @keyframes ms-apath-ping{0%{r:12;opacity:.7}100%{r:30;opacity:0}}\r\n\r\n  .ms-apath-foot{display:flex;align-items:center;justify-content:space-between;\r\n    margin-top:14px;padding-top:13px;border-top:1px solid var(--ms-line);\r\n    font-family:var(--ms-mono);font-size:11px;color:#6f727a}\r\n  .ms-apath-obj{color:var(--ms-orange)}\r\n\r\n  @media (prefers-reduced-motion:reduce){\r\n    .ms-apath-wrap.ms-go .ms-apath-line{animation:none;stroke-dashoffset:0}\r\n    .ms-apath-wrap.ms-go .ms-apath-node{animation:none;opacity:1}\r\n    .ms-apath-wrap.ms-go .ms-apath-pulse{animation:none}\r\n  }\r\n<\/style>\r\n\r\n<script>\r\n(function(){\r\n  var wrap = document.currentScript && document.currentScript.previousElementSibling\r\n    ? document.querySelector('.ms-apath-wrap') : document.querySelector('.ms-apath-wrap');\r\n  if(!wrap || wrap.dataset.msInit) return;        \/\/ guard against double init\r\n  wrap.dataset.msInit = '1';\r\n  var fire = function(){ wrap.classList.add('ms-go'); };\r\n  if('IntersectionObserver' in window){\r\n    var io = new IntersectionObserver(function(es){\r\n      es.forEach(function(e){ if(e.isIntersecting){ fire(); io.disconnect(); } });\r\n    }, {threshold:.35});\r\n    io.observe(wrap);\r\n  } else {\r\n    fire();                                        \/\/ fallback: just play\r\n  }\r\n})();\r\n<\/script>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4258b32 elementor-widget elementor-widget-heading\" data-id=\"4258b32\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Saiba mais sobre o servi\u00e7o de pentest e seguran\u00e7a ofensiva da Mercurius<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70513e9 elementor-button-info elementor-align-justify animated-fast elementor-invisible elementor-widget elementor-widget-button\" data-id=\"70513e9\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;headShake&quot;}\" data-widget_type=\"button.default\">\n\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/mscyber.tech\/pt\/seguranca-ofensiva\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Saiba mais<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>A pentest (penetration test) is an offensive security practice in which specialists simulate real attacks against an organization\u2019s systems, networks, or applications to find vulnerabilities before criminals can exploit them. The practice follows recognized methodologies such as PTES, OWASP, and NIST SP 800-115, and it is required or recommended by standards like ISO 27001, PCI-DSS, [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":3237,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-3235","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-offensive-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Is a Pentest? A Complete Guide for Companies - Mercurius Cybersecurity<\/title>\n<meta name=\"description\" content=\"A pentest simulates real attacks to find flaws before criminals do. Learn the types, methodologies, cost, and when to run one at your company.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mscyber.tech\/pt\/o-que-e-um-pentest\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is a Pentest? A Complete Guide for Companies - Mercurius Cybersecurity\" \/>\n<meta property=\"og:description\" content=\"A pentest simulates real attacks to find flaws before criminals do. Learn the types, methodologies, cost, and when to run one at your company.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mscyber.tech\/pt\/o-que-e-um-pentest\/\" \/>\n<meta property=\"og:site_name\" content=\"Mercurius Cybersecurity\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-08T22:22:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-09T01:56:42+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/mscyber.tech\/wp-content\/uploads\/2026\/07\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"kaue.simoes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"kaue.simoes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/\"},\"author\":{\"name\":\"kaue.simoes\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#\\\/schema\\\/person\\\/2e057da44c0b9c841b3b8acba1459547\"},\"headline\":\"What Is a Pentest? A Complete Guide for Companies\",\"datePublished\":\"2026-07-08T22:22:46+00:00\",\"dateModified\":\"2026-07-09T01:56:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/\"},\"wordCount\":2064,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mscyber.tech\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg\",\"articleSection\":[\"Offensive Security\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/\",\"url\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/\",\"name\":\"What Is a Pentest? A Complete Guide for Companies - Mercurius Cybersecurity\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mscyber.tech\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg\",\"datePublished\":\"2026-07-08T22:22:46+00:00\",\"dateModified\":\"2026-07-09T01:56:42+00:00\",\"description\":\"A pentest simulates real attacks to find flaws before criminals do. Learn the types, methodologies, cost, and when to run one at your company.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mscyber.tech\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg\",\"contentUrl\":\"https:\\\/\\\/mscyber.tech\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg\",\"width\":600,\"height\":450,\"caption\":\"Especialista realizando um pentest em uma rede corporativa\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/what-is-a-pentest\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mscyber.tech\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is a Pentest? A Complete Guide for Companies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#website\",\"url\":\"https:\\\/\\\/mscyber.tech\\\/\",\"name\":\"Mercurius Cybersecurity\",\"description\":\"AI-Driven Cyber resilience for critical organizations\",\"publisher\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mscyber.tech\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#organization\",\"name\":\"Mercurius Cybersecurity\",\"url\":\"https:\\\/\\\/mscyber.tech\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/mscyber.tech\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/MERCURIUS-LOGO-Light-Color-2.svg\",\"contentUrl\":\"https:\\\/\\\/mscyber.tech\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/MERCURIUS-LOGO-Light-Color-2.svg\",\"width\":289,\"height\":48,\"caption\":\"Mercurius Cybersecurity\"},\"image\":{\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mscyber.tech\\\/#\\\/schema\\\/person\\\/2e057da44c0b9c841b3b8acba1459547\",\"name\":\"kaue.simoes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/63c12ac971cb2964499a31feebfd9948fa35f6fa184fe2c25d8444b67112460a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/63c12ac971cb2964499a31feebfd9948fa35f6fa184fe2c25d8444b67112460a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/63c12ac971cb2964499a31feebfd9948fa35f6fa184fe2c25d8444b67112460a?s=96&d=mm&r=g\",\"caption\":\"kaue.simoes\"},\"url\":\"https:\\\/\\\/mscyber.tech\\\/pt\\\/author\\\/kaue-simoes\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"O Que \u00e9 Pentest? Um Guia Completo para Empresas - Mercurius Cybersecurity","description":"Um pentest simula ataques reais para encontrar falhas antes que criminosos o fa\u00e7am. Saiba os tipos, metodologias, custos e quando realizar um em sua empresa.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mscyber.tech\/pt\/o-que-e-um-pentest\/","og_locale":"pt_BR","og_type":"article","og_title":"What Is a Pentest? A Complete Guide for Companies - Mercurius Cybersecurity","og_description":"A pentest simulates real attacks to find flaws before criminals do. Learn the types, methodologies, cost, and when to run one at your company.","og_url":"https:\/\/mscyber.tech\/pt\/o-que-e-um-pentest\/","og_site_name":"Mercurius Cybersecurity","article_published_time":"2026-07-08T22:22:46+00:00","article_modified_time":"2026-07-09T01:56:42+00:00","og_image":[{"width":600,"height":450,"url":"http:\/\/mscyber.tech\/wp-content\/uploads\/2026\/07\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg","type":"image\/jpeg"}],"author":"kaue.simoes","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"kaue.simoes","Est. tempo de leitura":"10 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/#article","isPartOf":{"@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/"},"author":{"name":"kaue.simoes","@id":"https:\/\/mscyber.tech\/#\/schema\/person\/2e057da44c0b9c841b3b8acba1459547"},"headline":"What Is a Pentest? A Complete Guide for Companies","datePublished":"2026-07-08T22:22:46+00:00","dateModified":"2026-07-09T01:56:42+00:00","mainEntityOfPage":{"@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/"},"wordCount":2064,"commentCount":0,"publisher":{"@id":"https:\/\/mscyber.tech\/#organization"},"image":{"@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/#primaryimage"},"thumbnailUrl":"https:\/\/mscyber.tech\/wp-content\/uploads\/2026\/07\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg","articleSection":["Offensive Security"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mscyber.tech\/what-is-a-pentest\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/","url":"https:\/\/mscyber.tech\/what-is-a-pentest\/","name":"O Que \u00e9 Pentest? Um Guia Completo para Empresas - Mercurius Cybersecurity","isPartOf":{"@id":"https:\/\/mscyber.tech\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/#primaryimage"},"image":{"@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/#primaryimage"},"thumbnailUrl":"https:\/\/mscyber.tech\/wp-content\/uploads\/2026\/07\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg","datePublished":"2026-07-08T22:22:46+00:00","dateModified":"2026-07-09T01:56:42+00:00","description":"Um pentest simula ataques reais para encontrar falhas antes que criminosos o fa\u00e7am. Saiba os tipos, metodologias, custos e quando realizar um em sua empresa.","breadcrumb":{"@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mscyber.tech\/what-is-a-pentest\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/#primaryimage","url":"https:\/\/mscyber.tech\/wp-content\/uploads\/2026\/07\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg","contentUrl":"https:\/\/mscyber.tech\/wp-content\/uploads\/2026\/07\/Especialista-realizando-um-pentest-em-uma-rede-corporativa.jpg","width":600,"height":450,"caption":"Especialista realizando um pentest em uma rede corporativa"},{"@type":"BreadcrumbList","@id":"https:\/\/mscyber.tech\/what-is-a-pentest\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mscyber.tech\/"},{"@type":"ListItem","position":2,"name":"What Is a Pentest? A Complete Guide for Companies"}]},{"@type":"WebSite","@id":"https:\/\/mscyber.tech\/#website","url":"https:\/\/mscyber.tech\/","name":"Mercurius Cybersecurity","description":"Resili\u00eancia cibern\u00e9tica impulsionada por IA para organiza\u00e7\u00f5es cr\u00edticas","publisher":{"@id":"https:\/\/mscyber.tech\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mscyber.tech\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/mscyber.tech\/#organization","name":"Mercurius Cybersecurity","url":"https:\/\/mscyber.tech\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/mscyber.tech\/#\/schema\/logo\/image\/","url":"https:\/\/mscyber.tech\/wp-content\/uploads\/2025\/09\/MERCURIUS-LOGO-Light-Color-2.svg","contentUrl":"https:\/\/mscyber.tech\/wp-content\/uploads\/2025\/09\/MERCURIUS-LOGO-Light-Color-2.svg","width":289,"height":48,"caption":"Mercurius Cybersecurity"},"image":{"@id":"https:\/\/mscyber.tech\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/mscyber.tech\/#\/schema\/person\/2e057da44c0b9c841b3b8acba1459547","name":"kaue.simoes","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/63c12ac971cb2964499a31feebfd9948fa35f6fa184fe2c25d8444b67112460a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/63c12ac971cb2964499a31feebfd9948fa35f6fa184fe2c25d8444b67112460a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63c12ac971cb2964499a31feebfd9948fa35f6fa184fe2c25d8444b67112460a?s=96&d=mm&r=g","caption":"kaue.simoes"},"url":"https:\/\/mscyber.tech\/pt\/author\/kaue-simoes\/"}]}},"_links":{"self":[{"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/posts\/3235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/comments?post=3235"}],"version-history":[{"count":17,"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/posts\/3235\/revisions"}],"predecessor-version":[{"id":3255,"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/posts\/3235\/revisions\/3255"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/media\/3237"}],"wp:attachment":[{"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/media?parent=3235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/categories?post=3235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mscyber.tech\/pt\/wp-json\/wp\/v2\/tags?post=3235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}