Information Security & Audit

  1. You are here:  
  2. Home
  3. Services
  4. Information Security & Audit

Information Security Team

Our international team consists of highly skilled security professionals experienced with both attack and defense sides. Our specialists hold many professional certifications like OSCP, OSWE, CEH, CISSP, CCSP, CISM, CompTIA Cloud+, Pentest+, CySA+, Cisco CCNA R&S, CCNA Security, CCNA CyberOps and others.

Our team members participate in various CTF competitions and teams to keep our skills and tools up-to-date. 

We compose the project based teams depending on the technology stack used by the client. This helps us to ensure the best quality of the services provided. We can provide a client with CVs of all staff members we plan for the specific project.

IT Security Services

Internal Network Penetration testing

During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes, and review the discovered vulnerabilities.  We include ones marked as “Low” or “Informational”, as well as manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.

Cloud Security penetration test

A cloud platform can create exposure from network, application, and configuration vulnerabilities that can result in external access to company credentials, internal systems, and sensitive data. Our cloud penetration testing services will identify security gaps in your cloud infrastructure and provide you with actionable guidance for remediating the vulnerabilities and improving your organization’s cloud security posture.

Our cloud security pentesting services include:

  • Microsoft Azure
  • Amazon Web Services (AWS)
  • Google Cloud (GCP)

Security Posture Assessment

Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.
Cybersecurity Posture Assessment is a vital first move for any organization toward better understanding of the security status of its information systems and cybersecurity maturity level overall.
Cybersecurity Posture Assessment report provides organizations with clarity and direction in terms of their cybersecurity posture, maximizing the ROI of their security-related expenses.

External Network Penetration testing

How vulnerable is your public facing system?

In an External Penetration test, we perform a vulnerability scan of your company’s externally facing (public) systems, manually verify issues, and exploit issues.

White Box Source code testing

Our team uses a number of Static and Dynamic Application Security Testing tools which can highlight the security vulnerabilities in your code base. Taking into account that software has dependencies on the open-source code and other dependencies, we will check it for the known vulnerabilities to identify if there are any security issues with the dependencies used by your code.

Web Application Testing

We perform an in-depth assessment of web applications in order to discover vulnerabilities caused by programming errors, configuration weaknesses, or faulty assumptions about user behavior. Both manual inspection and automated scanning tools are used to identify vulnerabilities.

Insider threat assessment

Mimicking the activities an attacker or malicious insider might perform.

Starting as a least privileged user we attempt to gain access to other systems, identify sensitive information, escalate privileges on the network, and pivot to other areas of the network using a local system with only normal user credentials provided by you. The level of access used as a starting point simulates what an attacker may have gained through a successful phishing email campaign or by imitating an employee or contractor. This item is meant to highlight the “unknown unknowns” and assist your company with understanding what can happen and how ultimately allowing you to raise the bar on your internal security.

Social Engineering Resistance test

70% of the successful attacks start with social engineering. We will model the sophisticated targeted social engineering attack on your employees. It will include the analysis of publicly exposed data, social networks, public documents etc to craft a social engineering attack, which can include email, or a phone call, SMS or message in a social network or messenger. We will do our best to trick your employees like the real attackers do. You can measure the effectiveness of our technical controls and awareness campaigns in fighting the social engineering attacks.

Comprehensive reports

The key deliverable from our penetration testing services is a report detailing:

  • Test methodology
  • Weaknesses identified within your information security systems
  • Explanations for all identified vulnerabilities
  • Conclusions regarding the level of security awareness among users and overall network protection
  • Descriptions of the main areas of concern, including information regarding the activities of users in each target group
  • Recommendations to mitigate identified vulnerabilities