Security audits – penetration testing – ethical hacking

Penetration testing, sometimes called ethical hacking or pentest, is an authorized, simulated attack on a computer system or application with the aim of discovering existing and potential vulnerabilities.

We carry out security audits highly professionally, accurately, and safely.

Our penetration testing is precisely designed according to the customer’s needs, even in the case of the most affordable automated, basic penetration test of a web application.

A properly conducted audit of the security of an application or system brings many benefits:

  • A safe way to find out as-is status of information security in the company.

  • A detailed report on security risks with specific recommendations on patching “bugs”

  • Significant improvement in the protection of the company’s investments against internal and external penetration

Contact us
Penetračné testy - audity bezpečnosti

Options for security audits

Basic test of a web application

Basic, automated test carried out with specialized tools to find the existence of security “bugs”.

This penetration test is a affordable and effective way to get an overview of the security of the application, it is often requested by customers with a lower budget for system security.

Learn more

Extended test of a web application

Extended, combined penetration test where an experienced tester interprets machine findings based on their experience, so the customer gets a report on the security state cleaned of automated “false positive” detections.

The high added value is the manual input of our penetration testers.

Learn more

Audit TOP 10 OWASP

Comprehensive test with a larger scope that allows the penetration tester to go deeper. Like a full OWASP, the well-known Testing Guide v4 is used, as well as a machine test with manual interpretation of findings.

The ideal compromise for budget and reliability and depth of the test.

Learn more

Full OWASP audit

Comprehensive, extremely detailed penetration test focused on all known vulnerabilities according to the OWASP Testing Guide v4.

This test is desirable in environments where financial, personal data, exposed e-shops and cloud services are used.

Learn more

Audit of infrastructure and systems

Analysis of the security system regardless of the operating system, or analysis of the infrastructure from an internal and external perspective.

Servers, network components, workstations, cameras, printers, phones, and all other devices with access to the network.

Learn more

Response to an attack or penetration

Too late? If the attacker has overtaken us, we will help you return compromised systems to their original state.

We perform an analysis of the attack, prepare recommendations for preventing further leaks, and patch the exploited “bugs”.

Learn more

Pricing for security audits

Basic test of a web application

699
  • Duration: 1 day
  • Automatized test
  • Managerial summary: yes
  • Detailed technical report: yes

Extended test of a web app

1499
  • Duration: 3 – 4 days
  • Combined test
  • Managerial summary: yes
  • Detailed technical report: yes

TOP10 OWASP audit

2999
  • Duration: 1 – 2 weeks
  • Manual test
  • Managerial summary: yes
  • Detailed technical report: yes

Full OWASP audit

4999
  • Duration: 2 – 4 weeks
  • Manual test
  • Managerial summary: yes
  • Detailed technical report: yes

We will prepare a customized price quote for your environment almost instantly. Do not hesitate to contact us.

Methods and procedures for conducting security audits

Penetration testing can be conducted in so-called Black box mode, where the testing team does not receive any information about the internal functioning of the company, access to source code or information about the architecture.

This is an attempt to precisely imitate the conditions under which the attacker usually works. This type of testing takes longer and is carried out on the running infrastructure.

On the other hand, testing in White box mode, sometimes called “clear box testing,” takes place with complete access to information about systems, architecture, and source code.

This method allows vulnerabilities to be detected more effectively than the trial and error method in Black box testing and also ensures better coverage of the tested infrastructure, as the testing team sees behind the curtain.

Testing in the Gray box mode is a combination of White and Black box approaches. The testing team may have access to selected information about the environment and specific access to the internal network, similar to what an external partner or company employee would have.

This approach allows testers to focus on specific vulnerabilities and also leaves room for comparing the thinking of a security professional and an attacker.

Happy to talk to you!

Penetration testing is a safe, reliable, and accessible way to prevent the leak of information and further damage from inside the company, as well as from the internet.

Ask for a free consultation with our experts.

Our team will carefully assess the security of your environments and recommend the best approach for conducting the audit.

  • The output of each of our tests is not only a detailed technical report, but also a managerial summary

  • Penetration tests are extremely safe, contractually covered in advance for specific areas

  • Your data is protected through an NDA (non-disclosure agreement) during and after the testing process

Get a quote

Arrange a call