Information Security Team
Our international team consists of highly skilled security professionals experienced with both attack and defense sides. Our specialists hold many professional certifications like OSCP, OSWE, CEH, CISSP, CCSP, CISM, CompTIA Cloud+, Pentest+, CySA+, Cisco CCNA R&S, CCNA Security, CCNA CyberOps and others.
Our team members participate in various CTF competitions and teams to keep our skills and tools up-to-date.
We compose the project based teams depending on the technology stack used by the client. This helps us to ensure the best quality of the services provided. We can provide a client with CVs of all staff members we plan for the specific project.
IT Security Services
Internal Network Penetration testing
Cloud Security penetration test
A cloud platform can create exposure from network, application, and configuration vulnerabilities that can result in external access to company credentials, internal systems, and sensitive data. Our cloud penetration testing services will identify security gaps in your cloud infrastructure and provide you with actionable guidance for remediating the vulnerabilities and improving your organization’s cloud security posture.
Our cloud security pentesting services include:
- Microsoft Azure
- Amazon Web Services (AWS)
- Google Cloud (GCP)
Security Posture Assessment
A Cybersecurity Posture Assessment is a vital first move for any organization toward better understanding of the security status of its information systems and cybersecurity maturity level overall.
Cybersecurity Posture Assessment report provides organizations with clarity and direction in terms of their cybersecurity posture, maximizing the ROI of their security-related expenses.
External Network Penetration testing
How vulnerable is your public facing system?
In an External Penetration test, we perform a vulnerability scan of your company’s externally facing (public) systems, manually verify issues, and exploit issues.
White Box Source code testing
Our team uses a number of Static and Dynamic Application Security Testing tools which can highlight the security vulnerabilities in your code base. Taking into account that software has dependencies on the open-source code and other dependencies, we will check it for the known vulnerabilities to identify if there are any security issues with the dependencies used by your code.
Web Application Testing
Insider threat assessment
Mimicking the activities an attacker or malicious insider might perform.
Starting as a least privileged user we attempt to gain access to other systems, identify sensitive information, escalate privileges on the network, and pivot to other areas of the network using a local system with only normal user credentials provided by you. The level of access used as a starting point simulates what an attacker may have gained through a successful phishing email campaign or by imitating an employee or contractor. This item is meant to highlight the “unknown unknowns” and assist your company with understanding what can happen and how ultimately allowing you to raise the bar on your internal security.
Social Engineering Resistance test
70% of the successful attacks start with social engineering. We will model the sophisticated targeted social engineering attack on your employees. It will include the analysis of publicly exposed data, social networks, public documents etc to craft a social engineering attack, which can include email, or a phone call, SMS or message in a social network or messenger. We will do our best to trick your employees like the real attackers do. You can measure the effectiveness of our technical controls and awareness campaigns in fighting the social engineering attacks.
Comprehensive reports
The key deliverable from our penetration testing services is a report detailing:
- Test methodology
- Weaknesses identified within your information security systems
- Explanations for all identified vulnerabilities
- Conclusions regarding the level of security awareness among users and overall network protection
- Descriptions of the main areas of concern, including information regarding the activities of users in each target group
- Recommendations to mitigate identified vulnerabilities