Security Testing/Penetration Testing of Web Applications/Web Services and API-s
We provide web application/service/API penetration testing services that are based on the OWASP ASVS standard. But also if a client requests a smaller evaluations that cover only specific functionalities in their application can be done.
Prior to testing details in regards to the security testing will be discussed – the scope, exact methodology, rules of engagement, goals, conditions, time and price.
During the testing attacks simulating real world actions of malicious actors will be carried out, if the client wishes to test their security monitoring then different levels of adversaries can be simulated – how stealthy or “loud” you want us to be.
As a result of the testing a thorough report will be compiled & presented. It includes detailed information about the coverage of the testing performed, vulnerabilities found and information/guidance on remediation.
We also perform infrastructure/network pen testing to verify the security of your IT infrastructure setup/environment.
Automated External Vulnerability Scanning
Often websites built using well known a content management systems(CMS) like WordPress/Drupal,etc get left un attended for longer periods of time and/or there are some reasons that automatic updates cannot be enabled. Which can leave them vulnerable to cyber attacks.
To give you a peace of mind and get a regular review of the state of the security on your website we provide the automated external vulnerability scanning services, that websites and their plugins for known vulnerabilities.
We also can provide regular automated DAST scanning of custom built API-s and websites.
Cyber Security Awareness Trainings
As the weakest link in cyber security tend to be employees raising employee security awareness is a must. We provide cybersecurity awareness/cyber hygiene training custom tailored to your specific needs or our general cyber hygiene course called “What could possibly go wrong”.
“What could possibly go wrong”
This is a cyber hygiene related course that is mainly oriented at detecting phishing attempts and what can be the outcome of when you open a malicious attachment.
During the course a overview will be given on widely used phishing techniques and different examples of targeted phishing e-mails will be shown. A overview is given on some of the things to look for in order to detect the phishing emails.
A live demo is performed on what can be the outcome when you click on a phishing link or open a attachment in a phishing e-mail.
Security Consulting
Whether you need help in analyzing some vulnerabilities/security issues, implementing/designing cyber security products/solutions/policies, etc or just have security assessment/compliance related questions, our specialists can advise you in a wide range of topics.