OUR SERVICES

Security audits and penetration tests

Every wall can be broken through – it’s just a matter of time and skill. There’s always some risk. The main goal of our service is to minimize it.

 

In security testing, we involve current standards and norms, as well as the best security patterns, worked out by IT security groups, i.e. OWASP, CIS, NIST, SANS. We provide practical conclusions in a comprehensible format. The result report contains a description of the error’s reconstruction, possible threats and corrective actions.

 

We support our Clients at every stage of the project, plan necessary testing, identify potential threats and design project guidelines for the solution being implemented.

 

Examples of realizations

 1. A Client from the insurance sector

Area: application for partners

Scope: security tests of applications for partners

The result: finding vulnerabilities in the file exchange module, enabling unauthorized substitution of offer files for client's

 

2. A Client from the financial sector

Area: application for individual clients

Scope: mobile application and www security tests

Outcome: finding vulnerabilities that allow unauthorized transfers, without using two-factor authentication

 

3. A Client from the public sector

Area: infrastructure

Scope: penetration tests of the client's network

The result: finding the possibility of unauthorized access to the server providing the website service and making changes on the client's website without login

 

Contact us: +48 500 004 430 I  oferta.security@soflab.pl

 

Download a PDF brochure about our Cybersecurity services.

BENEFITS     SCOPE

BENEFITS    

  • Preventing financial losses
  • Protection of brand reputation and Clients’ trust
  • Risk management
  • An objective and independent assessment of the actual condition of the organization’s security features
  • Recognizing an organization’s weaknesses and receive proposals of ready-made solutions improving security level
  • Compliance with provisions of law and other regulations
  • Socio-technical testing, procedure, and physical protection testing

SCOPE

  • Verifying the design documentation regarding safety considerations
  • Penetration tests
  • Auditing the security configuration of infrastructure and individual systems/ services
  • Information infrastructure security audit
  • Testing the immunity to DoS/ DDoS
  • Static audit of source code