SECURE YOUR

NOW!

We can harden your current security or build it from the ground up. It does not matter if this means document assets and artifacts:    
- security controls, procedures, policies etc.
or technical configuration and hardening:
- network devices, endpoint devices, servers, applications etc.

OUR SERVICES

Our wide range of services covers most of the cyber security needs of a company.

COMPLIANCE

Be prepared for the official auditors.

EU 2016/679 (GDPR) Compliance
PCI DSS Compliance
ISO/IEC 27001 Compliance
ISO/IEC 27002 Compliance
Different Frameworks

AUDITING

Make sure that your current
compliance will hold.

EU 2016/679 (GDPR) Audit
PCI DSS Audit
ISO/IEC 27001 Audit
ISO/IEC 27002 Audit
Different Frameworks

PENETRATION TESTING

Simulate different attack vectors.

Black Box Penetration Testing
White Box Penetration Testing
Gray Box Penetration Testing
Social Engineering Drills
Public Leakage Scans

SECURITY HARDENING

Building the walls of the castle.

Endpoint Security
Server Security
Infrastructure Monitoring
Network Security
Personal Security

RISK ASSESSMENT

Probability versus severity.

Infrastructure Risk Assessment
Network Risk Assessment
Application Risk Assessment
Consultation

FORENSICS

When you need answers.

Incident Post-mortem Analysis
Digital forensics - Networks
Digital forensics - Storage
Reverse Engineering
Data Recovery

TRAINING

One of the main components
to being proactive.

Security Awareness Training
Social Engineering Awareness Training
Incident Response Training
DevSecOps Training

FULL PACKAGE

The full experience.

All different packages can be combined or ordered in bulk with a discount. It depends entirely on your project. 

OUR WORKFLOW

Organization is key to success, which is why most of our projects follow a general baseline.
  • Discovery phase

    1. Kickoff Meeting

    A meeting (online or offline) is scheduled to get high-level requirements, constraints and expectations for your project. We also give more details about us, past projects and initial thoughts on the current one.

  • Offer phase

    2. Business Proposal

    We present a detailed offer tailored for your project with time/cost estimations and other artifacts that might be required, such as action items, KPIs etc.

  • Commitment phase

    3. Work Effort

    In this step we do "our thing" - tests, audits or whatever actions the project requires in the time frame that we have decided in our requirements document.

  • Report and delivery phase

    4. Results Handover

    Here we have a meeting (or not) to present our outcome documents, which may be recommendations, a business report with risk assessment, a technical report with proofs of concept etc., or whatever goals we have agreed upon.

  • Feedback phase

    5. Project Closing

    We will ask for your feedback on how the project was done and, if needed, we will go back and clear things up before closing the whole thing.

TESTING METHODOLOGIES

We can adapt to your requirements.

Tests of this type are performed without any prior knowledge of the targeted infrastructure or application. The main goal of a black box penetration test is to simulate a real hacker attack where the hacker has to make his way from the outside to the inside of a given system by exploiting the publicly available endpoints in a given network or system.

This type of test combines both other types and we have the knowledge of a basic user in the system or perhaps a user with elevated privileges. These types of tests are performed for more focused effort and faster completion. There is a possibility that the attacker will not be able to penetrate the system, leaving vulnerabilities undiscovered.

Also known as clear-box or logic-driven testing. It is the most time-consuming test of all three types because the attacker has to process a lot of information. He has access to everything, so he can provide a comprehensive assessment of both internal and external vulnerabilities. It is usually very effective when testing applications and their source code.

CONTACT US

You can send us a request to arrange an offline or online meeting so you can tell us more about your project and we can properly introduce ourselves and our experience. This is the first step to solving a security problem or preventing one in the future.

FAQ

Yes. We are strict on confidentiality and we will respect your company's image. We can sign an NDA even before our first meeting, but you will have to email it to us beforehand.

We know that every company is different and every company has its own procedures, process chains and requirements. This is why we are very flexible and can work with a Fixed-Price (FFP, FPIF, FP-EPA) Contract, a Cost Reimbursable Contract (CPFF, CPIF, CPAF, CPPC) or a Time & Materials Contract.

We can work with ISO, NIST, COBIT and PSR, but it is not a problem for us to adapt our tests to suit GDPR, HIPAA or HISO.

We can follow OSSTMM, PTES, OWASP, ISSAF, PCI PTG, NIST 800-115, CICA ITAC or a custom one if the project requires it.
