This is one of our main services. We have many years of experience in conducting such testing and have performed several hundred tests for our clients. All pentesters conducting testing hold several certificates, for example OSCP (Offensive Security Certified Professional), and have a proven reputation in the industry. All reports are written by our consultants, not just generated by automatic security scanners. In addition, our pentesters have identified many vulnerabilities in popular software and participated in anti-vulnerability programs.
Why choose us?
We are experienced professionals who have worked for reputable companies in top technical positions in the field of cybersecurity. We have conducted hundreds of pentests. Our customers are international banks, exchanges, factories, medical facilities and state-owned enterprises.
Each of our pentesters has real top-level experience in penetration testing. Our work follows a manual testing approach: we do not rely only on automatic scanners, but also use real attack methods that can be used against the organization. Our reports are written manually, not automatically generated by programs. These are the reasons why many well-known companies trust us, which is confirmed by our recommendations.
Experience allows us to talk extensively about cybersecurity: we have the technical knowledge of how hackers work and what the biggest cybersecurity threats are in the modern world. We use this knowledge responsibly to help organizations.
Black Box Penetration Testing
Infrastructure testing and application testing can be performed from the point of view of an attacker in the external environment, which means that the tester has no knowledge of the target system except what is publicly available. No information about the client's architecture and systems is provided, and no user accounts other than those that an attacker can create (for example, by registering in the application). Usually, when conducting a security audit of a web application, we use the “gray box” approach, which gives us some information about the audited system and provides reports on each role, so we are able to check both vertical and horizontal privilege escalation: access to the data and/or functions of a user with a higher privilege level (vertical), or of another user with the same or similar access rights (horizontal).
White Box Penetration Testing
This type of security audit is an extended version of gray box pentesting in which testers have full knowledge of the target resource. In the case of a web application, we are given access to both the documentation and the source code in addition to what is provided in the gray box test.
Web Application Penetration Testing
We conduct penetration testing of web applications in accordance with the popular and generally accepted OWASP methodology, including OWASP Top 10 and OWASP ASVS (Application Security Verification Standard), expanded based on our experience. We do not limit ourselves to the vulnerabilities listed in OWASP; we also strive to find business-specific vulnerabilities that can pose a real threat to the client’s business and are often overlooked by automatic vulnerability scanners.
Software Penetration Testing
We carry out penetration testing of client-server applications. We can cover security testing of applications written in C/C++/C# and Java for Windows, Linux, and OS X platforms.
Mobile App Penetration Testing
We perform penetration testing of mobile applications for iOS and Android platforms. Our methodology is based on OWASP Mobile (Open Web Application Security Project), including OWASP Mobile Top 10 and OWASP MASVS, complemented by our own experience in identifying vulnerabilities in mobile applications.
We carry out penetration testing of network infrastructure (LAN / WAN / WLAN) in accordance with PTES (Penetration Testing Execution Standard). Tests can be carried out both from an external network (Internet, Wi-Fi, etc.) and from an internal network (LAN, VPN).
LAN penetration testing
A security audit of the local network can be carried out on site or through a VPN. The difference compared to infrastructure testing is that the pentester is granted the level of access an attacker would have after already gaining access to the company's internal network, or imitates a fraudulent employee trying to do harm from the inside.
WiFi penetration testing
WiFi penetration testing aims to verify the security of locally deployed wireless networks. It is aimed either at penetrating a secured Wi-Fi network, or at escalating privileges from the guest network and attacking users.
Our wireless security services also include conducting social engineering attacks against unsuspecting WiFi users, for example, using a fraudulent access point.