Penetration testing is the process of assessing and evaluating relevant systems and protocols, in order to identify their vulnerabilities and weaknesses, from the perspective of anonymous and non-privileged users (attackers) who intend to harm our system or network.
Our consulting services from the domain of penetration testing include:
1. Verification of penetration testing, ethical hacking of electronic information systems.
2. Advisory services for solving the problems identified and removing the observed weaknesses.
3. Compilation of reports on the risks of breakthrough of the IT system (if necessary: periodic reports and repeated tests after the implementation of recommendations)
4. Programs for improvement of existing applied solutions (interviews with employees and testing of their resistance to unwanted manipulation, assistance in improvement of specific processes, tools, techniques and other solutions, training and presentation with the aim of developing awareness and alertness about possible attacks and training on application of individual solutions (on the whole offer of training more in the section: training), etc.).
5. Full consultative support and cooperation in the field of security of the IT system.
Who are our clients?
The most common users of consulting services regarding penetration testing are:
• All companies involved in payment cards, banks and other financial institutions |
|
• Organizations dealing with private (protected) personal data bases |
|
• Organizations from the domain of Internet entrepreneurship |
|
• Suppliers of IT/ ICT services |
|
• All organizations that need an evaluation of applied solutions that penetration testing can identify |
|
• All organizations that have potential vulnerabilities that can be analyzed and improved on the basis of penetration testing |
|
Characteristics of our approach to penetration testing
- We check the security of internal (workstations, servers, network devices) and external (publicly available services and servers) of the system, then check the safety of the Internet, desktop and mobile applications and services, wireless communication systems. We pay particular attention to checking the risk of harmful breakthroughs in the field of human resources and the risks arising from defective internal procedures and rules.
- We know black, gray and white hat approaches
- We create our own test tools, at the client's request, which gives the client a unique insight into the security of their own systems, thanks to our way of creating a tool based on reverse engineering.
- We have our database of unpublished vulnerabilities, extensive experience in using Open-source Intelligence Tools (OSINT) of the widest applications available, contributing to the OWASP foundation with tools and lectures, we have specially prepared configurations for breaking common types of encryption.