We provide services compliant with strict technical, structural, and security standards

Penetration testing

Verify the level of your data protection from misuse

Currently the inadequate protection of information systems and communication infrastructure against unauthorized access which is caused not only by external attacks but also frequently comes from the inside of the organization appears to be rising threat. The number of attacks that come from the internet targeting the corporate networks is rising and also their nature is more sophisticated and dangerous.

The main contribution of penetration testing is in practical verifying of complex information security. In this case thanks to early detection of existing weaknesses and by establishing effective controls the organization can prevent significant loss which otherwise could be caused by successful attempt of an attacker. The result of the test is actual overview about location of weak spots which allows penetration of organization information system.

It includes a final report comprising an assessment of detected security deficiencies by degree of their severity and recommendations for their elimination, respectively maximum reduction of the risk of abuse.

Basic characteristic

  • possibility to execute penetration testing in form of a white/black box or double blind
  • summary of findings describing the state of information system security
  • independent and expert detection of weaknesses and vulnerabilities and assessment of your IT administrators work
  • procedure for elimination of security deficiencies together with definition of recommendations evaluated by the degree of severity they represent
  • protection of good will and enhancement the competitiveness of company
  • prevention of unauthorized access, obtaining confidential and sensitive information
  • prevention of financial loss
  • maximizing the availability of information systems

White box – complete knowledge of evaluated system

Black box – without previous knowledge of evaluated system infrastructure

Double blind – verification of security monitoring effectivity and reaction on security incident in real time

OWASP (The Open Web Application Security Project)

OSSTMM (Open Source Security Testing Methodology) Manual

ISSAF (The Information System Security Assessment Framework)

NIST (National Institute of Standards and Technology)

CWE/SANS (Common Weaknesses Enumeration/SANS)

Servers – Application, Web, VOIP, VPN, ...

Firewalls – HW/SW

Active components of LAN/WAN networks - routers, switches, ...

Web applications – Java, PHP, CGI, ASP, ...

Database systems – Oracle, MSSQL, MySQL, PostgreSQL, ...

Wi-Fi networks – AP, Wi-Fi routers ...

Components of information and communication infrastructure

Social engineering for verification of respecting of internal security directives by employees

Resistance against DoS/DDoS attacks

Effective antivirus protection, etc...

Internal – simulation of attack against your systems and applications from internal environment of your network

External – simulation of attack against public systems and applications from external environment of the internet

Specification of important services whose failure may cause serious problems. These services can be excepted from testing or moved outside of working tip

Mode, type and time of executing tests NDA (Non Disclosure Agreement)

Penetration testing and the related activities perform team of our specialists with longstanding experience which are also holders of valued international certificates such as:

The current status of usage of your time stamps prepaid by one of our packages can be verified by clicking on “status of TS package usage” button.
The service will function only on condition that your authorization token is saved in your web browser´s certificates´ repository.
CISSP (Certified Information Systems Security Professional)
SSCP(Systems Security Certified Practitioner)
CISA(Certified Information System Auditor)
CISM (Certified Information Security Manager)
CRISC (Certified in Risk and Information Systems Control)
CGEIT (Certified in the Governance of Enterprise IT)

Get in touch