How do we work?
(BLACK-BOXING AND GRAY-BOXING)
We carry out a targeted IT attack on the system under investigation from the Internet or the internal network. We try to crack that system in a way that makes us real attackers. We record the mode of the attack and its results step by step, revealing the weak points of the system. A detailed report is prepared on the process, detailing the security vulnerabilities found and proposing improvements.
Vulnerability testing on servers, network and mobile devices
We use automated and “manual” procedures to assess the security level and vulnerability of servers, network and mobile devices. We prepare a summary report on the vulnerabilities, in which the security vulnerabilities found are grouped according to their severity, and a proposal is made for their solution.
Vulnerability testing of technological systems
Vulnerability testing of a company’s technological system, which includes the following activities:
- Situation exploration: mapping the structure and operation of network infrastructure and services.
- Inspection: a study of the operating conditions and behavior of a network system.
- Vulnerability testing: examination of the network of technological systems used by a given company. During the investigation, we discover the internal vulnerabilities of the given technology network, separately examining the servers and the systems running on the servers, as well as the components of other technological devices. Knowing the results of the performed tests, the company gets an objective picture of the current security level of the technological systems and possible shortcomings.
(IT and technological)
Based on the results of the ethical hack and vulnerability test, we propose or make changes to the system, supplemented by information from a “manual” survey of the system and consultation with its operators. As a result of this process, the security level of the system is significantly increased.
Non-technological type intrusion attempt into the examined system or systems. With the method of psychological manipulation, we try to obtain information from the given target group or target person with which we can gain access to the system or facilitate access to the methods by technology. We explore the vulnerabilities inherent in the human factor and, in the form of a report, propose changes to the necessary IT security policies and, if required, make proposals on the IT security topics to be taught.
Source code auditing
Having the source code, we examine the application from an IT security perspective. We will examine whether it contains so-called a backdoor, or a design or programming error that may pose a security risk, and we suggest correcting them. We have competence and reference in both the development and auditing of technological systems.