We provide assistance at each stage of the application development and maintenance process: from the definition of security requirements, through application security testing, to support in fraud analysis.

Application security tests

The goal of security testing is to identify an application’s vulnerabilities to potential attacks and to find any gaps that can be abused by intruders. We provide both penetration tests – controlled attempts to break the security controls of a given application – and source code reviews, which extend security tests and allow more thorough verification of hypotheses and assumptions.


Code review

If access to the source code is possible, we propose a wider scope of application security assessment that includes analysis of the source code’s key elements. It lets us verify application security much more precisely and make better use of the time spent on the security assessment.


Mobile applications security

Mobile application security testing needs a different approach than testing of web or desktop applications. We have broad experience in security testing of different types of mobile applications, including mobile banking, mobile payments, loyalty programs and e-commerce. Our knowledge and tools allow us to assess the security of all modern platforms (i.e. iOS, Android, Windows Phone, BlackBerry).


Blockchain and Smart Contracts Security

We deliver full security audits of blockchain applications. The goal of security testing is to identify vulnerabilities in the blockchain ecosystem that break its main attributes, such as irreversibility, non-repudiation or trustlessness. We also provide security verification of next-generation blockchains, like the Ethereum platform, which incorporate smart contracts and decentralized applications. We perform penetration tests – controlled attempts to break the security controls – as well as source code reviews of smart contracts and decentralized applications.



Infrastructure security tests

Vulnerabilities are a result of defects in applications as well as defects in the server and network environment. To identify and eliminate such drawbacks, we propose infrastructure penetration testing, which can be extended by a configuration review.


Internal security testing

An internal penetration test imitates a malicious user who has gained access to the company’s internal infrastructure by installing malware on a user’s workstation. In that scenario, our team tries to locate crucial resources and to reach them by exploiting vulnerabilities found in the internal network. All of the above is performed in close cooperation with internal staff in order to minimize the impact of our actions and maximize the output of the test.


Cloud security services

We deliver security testing of cloud environments, configuration reviews and consulting. The goal of these services is to identify potentially dangerous security flaws in modern public cloud environments, e.g. AWS, Azure, Google Cloud, or in private cloud installations like OpenStack. We provide penetration testing and configuration reviews of production environments, as well as consulting services on how to harden a cloud environment or design a secure cloud infrastructure.



PCI DSS penetration testing

PCI DSS requires that all entities that process card data perform regular penetration testing of the CDE (Cardholder Data Environment). Our PCI DSS penetration testing services are fully compliant with the PCI DSS penetration testing guidance.





Training: Security testing for software testers and QA engineers




This training is dedicated to software testers and quality assurance engineers who would like to expand their knowledge in the field of application security testing and use it on a daily basis at work.


It consists mainly of live exercises based on the authors’ experience and on real vulnerabilities found during penetration testing of various web and mobile applications. We will discuss security testing tools available on the market, their pros and cons, and the ways in which each tool can help in finding vulnerabilities. Attendees will learn about existing standards related to the specification of software requirements and software security verification.





  • current trends in security of web and mobile applications
  • how, when and why should we test the security of our applications?
  • the reality of software security assessment


Security in requirements

  • functional
  • non-functional


Threat modeling

  • basic concepts
  • possible approaches
  • web and mobile application risks


Standards, documents – short review

  • OWASP ASVS 2014
  • OWASP TOP 10 2014
  • OWASP TOP 10 Mobile Risks
  • OWASP Testing Guide



  • Firebug, Web Developer
  • Fiddler/Burp
  • OWASP DirBuster



  • attacker based approach
  • test case creation
  • security testing automation
  • reporting



  • HTTP and SSL basics
  • common vulnerabilities
  • testing techniques



  • device and server API
  • security mechanisms of mobile operating systems
  • checklist for mobile application assessment