Want to know how to head off a hacking attack? Take advantage of our certified security specialists’ long experience and allow them to carry out a prearranged “hack” of your systems, during which they will seek out security vulnerabilities which could result in leaks of sensitive information. The test deliverable is a detailed final report which will serve you as a guide to designing better security. Below, you will find the most common types of tests, which we always adapt to the specific needs of our clients.
This is intended for both small websites and complex portals. We will sniff out known vulnerabilities according to the OWASP standard as well as those emerging from application logic errors (login, checkout, etc.). We utilize state-of-the-art software tools complemented by our hackers’ expert skills.
Do you have a mobile application that handles personal data? Are you making financial transactions in the app, or want to verify its quality from a security perspective? Our ethical hackers will prepare a detailed analysis of the application according to OWASP Mobile Security methodology.
If you operate your own servers and network infrastructure, we recommend periodic security verification. Leaks of employee or customer data or your corporate know-how can have a severe impact on your business and reputation. In addition to testing, we also offer consulting and security monitoring services.
By means of a penetration testing security audit we will unveil any security vulnerabilities in your network. The audit simulates an attack from inside your network environment, undertaken by an employee with ordinary user permissions who has no further knowledge of the internal infrastructure or running applications.
By means of a penetration testing security audit we will unveil any security vulnerabilities in your network. The audit simulates an attack from outside your network and uses a “black box” approach starting with no knowledge of the architecture, available systems, and applications, and without any user permissions.
Citadelo has rich experience in the field of industrial control systems (ICS), also known as SCADA. Penetration testing helps to unveil vulnerabilities in control systems, thus protecting your know-how and guarding manufacturing processes against costly downtime.
Companies processing payment card transactions should regularly test that their systems meet the requirements of the current PCI DSS standard. Citadelo has carried out dozens of these tests, and we would be happy to help you, too, secure this sensitive client data.
In addition to traditional IT infrastructure, we also work with devices and web services in the “Internet of Things” category. Today, IoT and smart devices are installed in homes, corporations, and industrial settings, but the security risks connected with them are severely underappreciated.
Testing security measures through social engineering is an increasingly popular test which makes use of various manipulative techniques to gain access to a facility or to computing infrastructure. Typical scenarios include sending phishing emails, planting malware on removable media, or attempting to obtain sensitive data via a telephone conversation.
This service combines automated source code testing by specialized software with a subsequent detailed examination of the results by our specialists. A recommended component is consulting with regard to how to properly design the architecture of your software project so that it meets IT security requirements.