IDENTIFY SECURITY RISKS
Manual penetration tests executed by certified pen testers will help you to identify potential cybersecurity vulnerabilities and receive clear recommendations for their correction:
• web applications (web apps);
• server/desktop applications;
• mobile applications (iOS & Android);
• IT infrastructure networks;
• API interfaces;
Security tests will be conducted by highly certified specialists with CDPSE, CEH, CISA, CISSP, LPT and AZ-500 certificates.
SECURITY TESTING BENEFITS
Identified security vulnerabilities.
Enhanced customer data protection (if processed).
Clear recommendations to address shortcomings.
Reduced risks of damage and stopped services.
WEB AND DESKTOP APPLICATION SECURITY TESTING
Penetration test for web applications and server/desktop applications is performed and documented in accordance with guidelines relevant to each specific project, such as OWASP, PTES or ST SP 800-115. Testing is carried out in several phases and typically includes the following:
• Acquisition of information
• Configuration checks
• User identity management checks
• Authentication testing
• Authorisation testing
• Session management
• Data entry validation checks
• Error analysis
• Detection of weak cryptographic solutions
• Business logic tests
• Customer-side vulnerability checks
MOBILE APPLICATION SECURITY TESTING
We offer penetration testing for Android & iOS platform applications. We recommend that you carry out security tests for mobile apps, because they are often widely used, store valuable information and, consequently, an important target for hackers.
IT INFRASTRUCTURE SECURITY TESTING
We are also testing the security of the IT infrastructure network. We investigate internal and/or external networks (including Wi-Fi) remotely with VPN assistance or, if necessary, in person. In this scenario, we also offer to simulate potential (employee-related) threats with the help of social engineering test.
API SECURITY TESTING
Because the API does not have a user interface and is designed to interact with systems, it is often mistakenly assumed that the API is safe on its own. However, hackers manage to find the weaknesses of API interfaces and use them, often resulting in the fact that the cyberattack is not noticed for months. Experienced and highly certified security testers will investigate your API interfaces security against the most popular risks (OWASP Top 10) and provide clear safety recommendations. Penetration tests are recommended for intersystem (B2B) and mobile applications APIs.
SECURITY TESTING OPTIONS
Black-Box penetration testing - Black-Box testing can be executed on your IT infrastructure or/and application. In this scenario our testers act as attacker from outside without any knowledgebase (except the one that is available publicly) regarding “target - victim” system.
Gray-Box penetration testing - By performing Gray-Box testing, our testers have some official information about system/environment/application. An example, full/part architecture information or access to the internal account. In this scenario we focus more how the potential threats can be exploited if attacker has already access to your system.
White-Box penetration testing - Next level of Gray-Box testing. Tester has all information & documentation about target system, including source code (if target is application).
Since each project has its own specifics, we invite you to apply for free consultation to find out the cost of service in your case.
This service is provided by Squalio.
A Squalio representative will contact you shortly.
We are happy to share our knowledge, experience and expertise. Let us know what you need, and we will contact you directly.