
We provide assistance at each stage of the application development and maintenance process: from the definition of security requirements, through application security testing, to support in fraud analysis.

Application security tests

The goal of security testing is to identify an application's vulnerabilities to potential attacks and to find any gaps that can be abused by intruders. We provide both penetration tests – controlled attempts to break the security controls of a given application – as well as source code reviews, which extend security tests and allow more thorough verification of hypotheses and assumptions.

Code review

If access to the source code is possible, we propose a wider scope of application security assessment that includes analysis of the source code's key elements. This lets us perform a much more precise verification of application security and make better use of the time spent on the security assessment.

Mobile applications security

Mobile application security testing needs a different approach than testing of web or desktop applications. We have broad experience in security testing of different types of mobile applications, including mobile banking, mobile payments, loyalty programs and e-commerce. Our knowledge and tools allow us to assess the security of all modern platforms (i.e. iOS, Android, Windows Phone, BlackBerry).

Blockchain and Smart Contracts Security

We deliver full security audits of blockchain applications. The goal of security testing is to identify vulnerabilities in the blockchain ecosystem that break its main attributes, such as irreversibility, non-repudiation or trustlessness. We also provide security verification of next-generation blockchains, like the Ethereum platform, which incorporate smart contracts and decentralized applications. We perform penetration tests – controlled attempts to break the security controls – as well as source code reviews of smart contracts and decentralized applications.

Infrastructure security tests

Vulnerabilities are a result of defects in applications as well as defects in the server and network environment. To identify and eliminate such drawbacks, we propose infrastructure penetration testing, which can be extended by a configuration review.

Internal security testing

An internal penetration test imitates a malicious user who has gained access to the company's internal infrastructure by installing malware on a user's workstation. In that scenario, our team tries to find crucial resources and exploit vulnerabilities found in the internal network to access them. All of the above is performed in close cooperation with internal staff in order to minimize the impact of our actions and maximize the output of the test.

Cloud security services

We deliver cloud environment security testing, configuration reviews and consulting. The goal of these services is to identify potentially dangerous security flaws in modern public cloud environments (e.g. AWS, Azure, Google Cloud) or private cloud installations like OpenStack. We provide penetration testing and configuration reviews of production environments, as well as consulting services on how to harden a cloud environment or design a secure cloud infrastructure.

PCI DSS penetration testing

PCI DSS requires that all entities that process card data perform regular penetration testing of the CDE (Cardholder Data Environment). Our PCI DSS penetration testing services are fully compliant with the PCI DSS penetration testing guidance.

Training

Our training sessions are aimed at project teams (programmers, architects, PMs, QA specialists) interested in broadening their expertise in application security. They are suited to the technology used for software development in each instance (J2EE, .NET, PHP, mobile). We also offer training sessions on the basics of security testing, geared towards QA specialists.

We organize workshops strictly for closed groups, which allows us to accommodate each team’s particular needs, including projects being undertaken and the risk profile of specific applications and programming techniques. If you would like to learn more, please do not hesitate to contact us.

 

Examples of training courses:
