Security audits and penetration tests

Every wall can be broken through – it’s just a matter of time and skill. There’s always some risk. The main goal of our service is to minimize it.

In security testing, we apply current standards and norms, as well as the best security practices developed by IT security groups, i.e. OWASP, CIS, NIST, SANS. We provide practical conclusions in a comprehensible format. The resulting report describes how to reproduce each error, the possible threats and the corrective actions.

We support our Clients at every stage of the project, plan necessary testing, identify potential threats and design project guidelines for the solution being implemented.

Examples of completed projects
1. A Client from the insurance sector
Area: application for partners
Scope: security tests of applications for partners
The result: finding vulnerabilities in the file exchange module, enabling unauthorized substitution of offer files for client’s

2. A Client from the financial sector
Area: application for individual clients
Scope: mobile application and web security tests
The result: finding vulnerabilities that allow unauthorized transfers without two-factor authentication

3. A Client from the public sector
Area: infrastructure
Scope: penetration tests of the client’s network
The result: finding that it was possible to gain unauthorized access to the server hosting the website and to make changes to the client’s website without logging in

Contact us: +48 500 004 430 | oferta.security@soflab.pl
Download a PDF brochure about our Cybersecurity services.


  • Preventing financial losses
  • Protection of brand reputation and Clients’ trust
  • Risk management
  • An objective and independent assessment of the actual condition of the organization’s security features
  • Recognizing an organization’s weaknesses and receiving proposals of ready-made solutions that improve the security level
  • Compliance with provisions of law and other regulations
  • Social engineering tests, and testing of procedures and physical protection


  • Reviewing the design documentation for security considerations
  • Penetration tests
  • Auditing the security configuration of infrastructure and individual systems/services
  • Information infrastructure security audit
  • Testing resilience to DoS/DDoS
  • Static audit of source code