The importance of security
Servers and web applications are being hacked every day. In fact, it is not a matter of if, it is a matter of when your system will be attacked. And there is a great chance that the hackers will succeed in doing some damage. No matter how hard we try, it can happen to the best of us. The more effort you put into protecting your system, the more effort will be required to break it.
That is where we come in. Our mission is to assist your company in building a highly secure environment. Although we realize that security is not absolute, we will recommend a setup that will essentially eliminate the chance of compromise.
What we do
If you are looking for ways to improve the security of your existing system, we will test its security both externally and internally, depending on your preferences. Based on the results of the tests, we issue an easy-to-read, understandable report with the steps taken during the attack simulation, a risk assessment and recommendations.
If you are just starting to build your system (application, server or network), we will prepare the security design for you. The design aims to meet your specific needs, and it strikes the golden mean between usability and paranoia. Every aspect of the design will be justified and presented in a humanly understandable way.
What we do not offer
We do not offer check-box assessments. We do not offer machine-generated reports from automated scanners testing for 15-year-old exploits. We do not offer shiny, colored reports with just 20 pages of pie charts, bar charts and MS Visio diagrams.
What we offer
We offer the creativity of the hacker mind. Through real attack simulations we reconstruct actual situations which, if carried out by malicious hackers, will result in damage for your company. We offer comprehensive reports, describing in easily understandable language the nature of the attacks.
- Web Application Penetration Testing (Simulation of different attack scenarios)
This type of test is also known as Blackbox Penetration Testing. In a Blackbox Penetration Test, the testers will act with no knowledge of the target to carry out "real" attacks against the system. What is targeted in the client system will depend on the most likely attack vectors that would be used against the specific client if it were targeted by malicious hackers.
- Web Application Security Assessment
You can also think of this type of assessment as Whitebox Penetration Testing. In a Whitebox Penetration Test, the testers will have access to the system. The access is determined when the assessment is negotiated; it can be the code of a web application, user accounts with different levels of privileges, server access, etc.
- Security Consulting and Design
Breaking systems is always fun, but it is not enough. We understand this better than anyone else, and we are always there for our clients, offering security advice. Whether you want to build your first Web application, or if you want to improve the security of your existing system, or if you are simply trying to double-check your security design, we are eager to assist. We will design the security controls for your system and will offer advice on the proper implementation.
- Incident Response
Despite all the security measures, anyone can get hacked. A 0-day exploit, a missing patch, or even a human error - they can all result in serious abuse from malicious users. There are several things that have to be done in such cases - preparation, detection, containment, investigation, eradication, closure. Properly following these steps ensures that such incidents are dealt with properly and that they will not occur again.
How we do it
We do this by taking the individual approach with our clients. We do not have templates for offerings or reports. By choosing us, you get a dedicated team of security professionals available at any time for the duration of the project.
After you contact us for a penetration test, we will work together to determine the scope of your needs and agree on a set of tests/attacks that will be included in the assessment. The output of this stage will be a profile of your company, containing the most likely attack vectors.
Then we will devise an action plan, which will include the scope of the test, the schedule/working hours and our duties. The output of this stage is an action plan, detailing how and when the test will be carried out.
We conduct the test. This includes gathering information, enumerating and assessing services and resources, and finding and exploiting potential vulnerabilities. Each potential security issue we find will be duly reported to you, and permission to exploit it will be sought. If permission is granted, we will attempt to confirm the vulnerability by exploiting it. We will take the test as far as you are willing to go. The output of this stage is a list of potential and/or confirmed ways to exploit the system, maintain unauthorized access, or elevate user access.
Upon the completion of the test, we will revert any changes we may have made to the system, leaving it as it was before the test. The output of this stage is the original state of the system.
At the end of the project, we will prepare a report and will present it to you.
Going beyond the penetration tests, the security services we offer to our customers are specifically tailored to their needs and can be combined. For example, we may design your security controls, test your system to see how they are implemented, and build a plan in case it gets compromised. Or we can pentest your system, find the weak spots, and build a better security design and/or guide you through the preparation stage of the incident response process.
Get in touch
Still wondering? Get in touch with us, and together we will determine how we can work with you to provide you with the best service for you.