WEB APPLICATION / DESKTOP
(FAT CLIENT) PENETRATION TESTS
Checking the resistance of web applications / desktop (fat client) against security breaches and cyberattacks by conducting comprehensive tests compliant with: OWASP TOP 10 / OWASP ASVS / PCI DSS.
Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OSCE, OSCP, OSWE, OSEE, CISSP, CISA.
Risk estimation according to CVSS
MOBILE APPLICATION PENETRATION TESTS
Checking the resistance of mobile applications against security breaches and cyberattacks by conducting comprehensive tests compliant with: OWASP Mobile TOP 10 / OWASP MASVS.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OSCE, OSCP, OSWE, OSEE, CISSP, CISA.
Risk estimation according to CVSS
API PENETRATION
TESTS / WEBSERVICES
Checking the resistance of API/ WebServices against security breaches and cyberattacks by conducting comprehensive tests compliant with: OWASP TOP 10 / OWASP ASVS / PCI DSS.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OSCE, OSCP, OSWE, OSEE, CISSP, CISA.
Risk estimation according to CVSS
INFRASTRUCTURE PENETRATION TESTS
Checking the resistance of the infrastructure (AWS, AZURE cloud, web, proxy and database servers, LAN, WAN, Wi-Fi, network devices, IoT and other) against security breaches and cyberattacks by performing comprehensive tests compliant with OSSTMM/PTES.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OPST, OPSE, OPSA, OSCP, OSCE.
Risk estimation according to CVSS
DDOS TESTS
Checking the resistance of applications or the infrastructure to cyberattacks aimed at freezing or crashing the application or the infrastructure by performing comprehensive tests compliant with NIST standards.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OSCE, OSCP, OSWE, OSEE, CISSP, CISA.
Risk estimation according to CVSS
RED TEAM
Checking the resistance of the organisation (people, systems, physical safeguards, procedures) against security breaches and cyberattacks by using different techniques, such as penetration tests or social engineering tests.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, CPTE, OSCP, OSCE.
Risk estimation according to CVSS
SECURITY CONFIGURATION AUDIT
Checking the correctness of the security settings of applications or the infrastructure (AWS, AZURE cloud, web, proxy, database servers, LAN, WAN, Wi-Fi, network devices, IoT etc.) in accordance with CIS Benchmark, NIST, STIG.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OSCE, OSCP, OSWE, OSEE, CISSP, CISA.
Risk estimation according to CVSS
SOURCE CODE AUDIT (WHITE-BOX)
Checking security of applications by performing comprehensive analysis of the code.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OSCE, OSCP, OSWE, OSEE, CISSP, CISA.
Risk estimation according to CVSS
COMPREHENSIVE CYBERATTACK PROTECTION (BLUE TEAM)
Provision of protection to an organisation (people, systems, physical safeguards, procedures) against security breaches and various attacks.Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, OSCP, OSCE.
SOCIAL ENGINEERING TESTS
Checking the employees' security awareness by conducting comprehensive attempts to obtain confidential information (e.g. phishing, phone calls or entry on the company premises) or attempts to persuade personnel to engage in activities which contradict the principles of security (e.g. through phishing).Performed by experienced, professional security engineers, who hold numerous certificates, such as CEH, CPTE, OSCP, OSCE.
POST-BREACH ANALYSIS
Determination of the perpetrators and/or consequences and scope of a breach by analysing traces of the breach, collecting evidence and implementing mechanisms minimising the risk of future breaches.Performed by experienced, professional security engineers, who have been awarded numerous certificates, such as CHFI, CEH, CPTE, OSCP, OSCE.
TRAINING
Increasing the level of knowledge and awareness of security through practical workshops and training sessions raising security awareness and providing knowledge about current types of cyberattacks.Conducted by experienced, professional trainers.
Benefits
• Increasing the level of security of data processed in IT systems.
• Minimising the risk of security breaches and successful cyberattacks.
• Detecting current vulnerabilities, loopholes, errors in software and systems before they are detected by cybercriminals.
• Practical, implementable and cost-efficient recommendations (quick wins).
• Compliance with international norms and standards (ISO 27001, OWASP, OSSTMM, PCI DSS).
• Avoiding financial losses, reputational damage and legal consequences.
• Minimising the risk of security breaches and successful cyberattacks.
• Detecting current vulnerabilities, loopholes, errors in software and systems before they are detected by cybercriminals.
• Practical, implementable and cost-efficient recommendations (quick wins).
• Compliance with international norms and standards (ISO 27001, OWASP, OSSTMM, PCI DSS).
• Avoiding financial losses, reputational damage and legal consequences.
Facts
120
clients
11
years of experience in the market
300
penetration tests / year
80
% of manual tests
Reference
Team
Our professional security engineers hold numerous certificates, such as CEH, CompTIA Security, CISSP, CISA, CISM, CCNA, CCNP, CNDA, CPT, CPTE, CRISC, GPEN, ITIL, LPT, MCSA, OSCE, OSCP, OPST, OPSE.
Contact us!
Do you have a question?
Do you need an offer?
Optima Partners Sp. z o.o. Sp. k.
ul. Puławska 145
02-715 Warszawa
tel./fax +48 22 278 36 33
