
Security Testing

We test applications and systems for security.

Whether you're concerned about the security of a single application or a diverse system, our security experts work with you to develop a personalized plan to meet your application needs.
  • Price of the application
  • Improved security
  • Continuous DevOps security programs and training
  • Solutions tailored to your goals and budget

Service catalog

01

Risk assessment

  • App Architecture Overview
  • Program Code Overview
  • Database audit
  • Testing mobile apps
  • Wi-Fi infrastructure assessment and rogue access point search
  • Firewall security rules audit
  • Automated scans of infrastructure and application modules
  • SCADA Process Control Audit
  • Assessment of the security level of IoT solutions, autonomous machines
  • Verification of external suppliers
  • Cloud Services
02

Verification of compliance with standards

  • ISO/IEC 27000-27999 (Information Security Standards)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • GDPR (General Data Protection Regulation)
  • Secure software development life cycle (SDLC) process audit
  • SOC reports
03

Protection of property and privacy

  • Social engineering
  • Access control audit
  • CCTV control
  • Detection and analysis of Trojan and Malware attacks
  • Building user awareness
04

Consultation

  • Evaluation of safety procedures
  • Incident reporting mechanisms
  • Creating restore and backup procedures
Automation of security scans

An example of the steps and areas to be tested

  • Risk assessment
  • Security auditing
  • Penetration testing
  • Posture assessment
  • Security scanning
  • Vulnerability scanning


Examples of areas subject to web application tests

01

Gathering information

  • Socio-technical techniques
  • Server Detection
  • Identification of entry points
  • Application architecture mapping
02

Configuration and installation management

  • Configuration of network infrastructure
  • Search for administrative access
  • Protection of sensitive files
  • HTTP methods
  • HTTP Strict Transport Security
  • RIA cross-domain policy
03

Identity management

  • Defining roles
  • Registration process
  • Account management policy
04

Authentication process

  • Data Channel Test
  • Password management mechanism
  • Authentication bypass
  • Cache risk
  • Alternate authentication channels
05

Authorization process

  • Directory/path traversal
  • Bypassing the authorization mechanism
  • Privilege escalation
06

User session management

  • Bypassing the session mechanism
  • Cookie attributes
  • Exposure of classified data
  • Logout functionality
  • Session cancellation
07

Input validation techniques

  • Manipulation of HTTP commands
  • Change of parameters
  • “Injection” attacks
08

Error handling

09

Weak cryptographic mechanisms

10

Client-side code vulnerabilities

Collaborative models

Customer teams

A service dedicated to customers with project teams. We provide quick support with missing competences.

Teams at B2Bnetwork

We can use our hardware and software. We implement a system that gives you continuous monitoring.

Billing models

Fixed-Price

Specific scope of the project, requirements, lead time and price.

Time & Material

The project budget depends on the work needed to be done.

Time & Material with a limit

We determine the scope of work with a budget limit and lead time.

See if we can help you with software tests.

Make an appointment for a short, several-minute conversation, during which we will jointly check whether cooperation with us will bring changes for your project.

Do you have any questions?

Contact us!

Artur Twardowski Business Development Manager +48 795 022 922