Security audit and penetration tests

Sometimes, the costs of software that operates your data are drastically lowers than the data itself. Have you ever thought that some skilled villain can spend a few days and get his hands on your CRM or sales data send unsolicited emails to your customers or just destroy it all?

To ensure your application and data security a special type of software testing exists: security audit. It involves both active and passive activities, assessing underlying middleware, data storage layer and application layer both theoretically and practically.

The most interesting part of it, of course, is the practical part: penetration testing. It means that your systems will be probed and attacked the same way bad people do it, from outside and having little-to-none insider information.

We base our tests on proven OWASP guides and attack models and classify all found issues by DREAD model, which has proven its efficiency as a reliable risk estimation method. Our report includes not only the found issues and their descriptions but also directions on solving them.

We use both open-source and commercial tools to automate preliminary information gathering, but the actual penetration attack vectors are analyzed manually and, thus, are much more efficient comparing to fully automated attacks.

There is no limit on platforms or locations for systems under security audit, if we can access them on Internet — we can audit them. As any other TestLab² service, our security audits and penetration tests are backed up by our professional attitude, no-money-upfront policy and deep understanding of your business concerns and targets.

Drop us a note via the order form or just an email to [email protected] and we will discuss your security needs, offer possible solutions, and display security test result samples.