We provide assistance at each stage of the application development and maintenance process: from the definition of security requirements, through application security testing, to support in fraud analysis.
Application security tests
The goal of security testing is to identify an application's vulnerabilities to potential attacks and to find any gaps that can be abused by intruders. We provide both penetration tests – controlled attempts to break the security controls of a given application – and source code reviews, which extend security tests and allow more thorough verification of hypotheses and assumptions.
If access to the source code is possible, we propose a wider scope of application security assessment by analysing the key elements of the source code. This lets us verify application security much more precisely and make better use of the time spent on the security assessment.
Mobile applications security
Mobile application security testing needs a different approach than testing of web or desktop applications. We have broad experience in security testing of different types of mobile applications, i.e. mobile banking, mobile payments, loyalty programs, e-commerce. Our knowledge and tools allow us to assess the security of all modern platforms (i.e. iOS, Android, Windows Phone, BlackBerry).
Blockchain and Smart Contracts Security
We deliver full security audits of blockchain applications. The goal of security testing is to identify vulnerabilities in the blockchain ecosystem that break its main attributes, such as irreversibility, non-repudiation or trustlessness. We also provide security verification of next-generation blockchains, like the Ethereum platform, which incorporate smart contracts and decentralized applications. We perform penetration tests – controlled attempts to break the security controls – as well as source code reviews of smart contracts and decentralized applications.
Infrastructure security tests
Vulnerabilities are a result of defects in applications as well as defects in the server and network environment. To identify and eliminate such drawbacks, we propose infrastructure penetration testing, which can be extended by a configuration review.
Internal security testing
An internal penetration test imitates a malicious user who has gained access to the company's internal infrastructure by installing malware on a user's workstation. In that case our team tries to find crucial resources and exploit vulnerabilities found in the internal network to access them. All of the above is performed in close cooperation with internal staff in order to minimize the impact of our actions and maximize the output of the test.
Cloud security services
We deliver cloud environment security testing, configuration reviews and consulting. The goal of these services is to identify potentially dangerous security flaws in modern public cloud environments, e.g. AWS, Azure, Google Cloud, or private cloud installations like OpenStack. We provide penetration testing and configuration reviews of production environments, as well as consulting services on how to harden a cloud environment or design a secure cloud infrastructure.
PCI DSS penetration testing
Our training sessions are aimed at project teams (programmers, architects, PMs, QA specialists) interested in broadening their expertise in application security. They are suited to the technology used for software development in each instance (J2EE, .NET, PHP, mobile). We also offer training sessions on the basics of security testing, geared towards QA specialists.
We organize workshops strictly for closed groups, which allows us to accommodate each team’s particular needs, including projects being undertaken and the risk profile of specific applications and programming techniques. If you would like to learn more, please do not hesitate to contact us.
Examples of training courses: