Penetration testing

Want to know how to head off a hacking attack? Take advantage of our certified security specialists’ long experience and allow them to carry out a prearranged “hack” of your systems, during which they will seek out security vulnerabilities which could result in leaks of sensitive information. The test deliverable is a detailed final report which will serve you as a guide to designing better security. Below, you will find the most common types of tests, which we always adapt to the specific needs of our clients.

Website/web application testing

This is intended for both small websites and complex portals. We will sniff out known vulnerabilities according to the OWASP standard as well as those emerging from application logic errors (login, checkout, etc.). We utilize state-of-the-art software tools complemented by our hackers’ expert skills.

Mobile application testing

Do you have a mobile application that handles personal data? Does the app process financial transactions, or do you want to verify its quality from a security perspective? Our ethical hackers will prepare a detailed analysis of the application according to OWASP Mobile Security methodology.

IT infrastructure testing

If you operate your own servers and network infrastructure, we recommend periodic security verification. Leaks of employee or customer data or your corporate know-how can have a severe impact on your business and reputation. In addition to testing, we also offer consulting and security monitoring services.

Internal penetration testing

By means of a penetration testing security audit we will unveil any security vulnerabilities in your network. The audit simulates an attack from inside your network environment undertaken by an employee who has ordinary user permissions and no further knowledge of the internal infrastructure or running applications.

External penetration testing

By means of a penetration testing security audit we will unveil any security vulnerabilities in your network. The audit simulates an attack from outside your network and uses a “black box” approach starting with no knowledge of the architecture, available systems, and applications, and without any user permissions.

Industrial solutions penetration testing

Citadelo has rich experience in the field of industrial control systems (ICS), also known as SCADA. Penetration testing helps to unveil vulnerabilities in control systems, thus protecting your know-how and guarding manufacturing processes against costly downtime.

PCI DSS (Payment Card Industry - Data Security Standard)

Companies processing payment card transactions should regularly test that their systems meet the requirements of the current PCI DSS standard. Citadelo has carried out dozens of these tests, and we would be happy to help you, too, secure this sensitive client data.

Internet of Things (IoT) penetration testing

In addition to traditional IT infrastructure, we also work with devices and web services in the “Internet of Things” category. Today, IoT and smart devices are installed in homes, corporations, and industrial settings, but the security risks connected with them are severely underappreciated.

Social engineering

Testing security measures through social engineering is an increasingly popular test which makes use of various manipulative techniques to gain access to a facility or to computing infrastructure. Typical scenarios include sending phishing emails, planting malware on removable media, or attempting to obtain sensitive data via a telephone conversation.

Source code review

This service combines automated source code testing by specialized software with a subsequent detailed examination of the results by our specialists. A recommended component is consulting with regard to how to properly design the architecture of your software project so that it meets IT security requirements.

How can I help you?
Tomáš Horváth
I’m ready to help.