Cybersecurity

Complex Penetration Testing

Understand security gaps and fix them in your organization

Cybersecurity risks and threats rank among the top 3 in all industries. IT or “pure” security officers can no longer professionally resolve cybersecurity incidents and problems. Traditional systems-based penetration tests and security reviews do not generally identify application vulnerabilities where bespoke software and interfaces are involved. No worries: we can help.

MEET OUR TEAM

  • Our approach is based on the latest version of the leading security industry standard, the “OWASP Testing Guide”, complemented by our proprietary security testing process and experience.

    Our Penetration Testing Team certifications include the following key certificates:
    • OSCP
    • Certified Ethical Hacker

BENEFITS

Our customer receives both management and technical competence and qualification

A virtual team cannot be on sick leave

The virtual team consists of several dozen experts

No need for extra expenses for experts' education and certification

No labor or other salary taxes to be paid on top of the price

Network of reliable partners to provide and implement security tools and technologies

TESTING INCLUDES

WEB

Authentication
NNTC will evaluate the adequacy of the application’s authentication control mechanism as it processes the identity of individuals or entities.

Session Management
NNTC will evaluate the adequacy of the application’s session management control mechanism as it traces the activities performed by authenticated application users.

Input Manipulation
NNTC will evaluate the adequacy of the application’s input controls as the application processes inputs received from different interfaces and/or entry points.

Output Manipulation
NNTC will determine if it is possible to get information from the temporary Internet files, cookies and other application objects.

Information Leakage
NNTC will determine the type of information that is transferred back to the user or stored in the client’s machine.

Other Tests
NNTC will assess the application based on other attacks, tampering methods, and manipulations commonly used by hackers.

NETWORK

Application testing
Includes checks for the presence of the most critical vulnerabilities including the OWASP Top 10 vulnerabilities.

  • Code Execution
  • Buffer Overflows
  • File Inclusion
  • CRLF Injection
  • Cross Frame Scripting (XFS)
  • XPath Injection
  • Insecure cookie flags
  • URL redirection
  • Remote XSL inclusion
  • Cross Site Scripting in URI
  • Etc.

Network layer testing
Includes checks for the presence of the most critical vulnerabilities.

  • Outdated software
  • Insecure/default configurations
  • Default/weak passwords
  • Absent or weak authentication mechanisms
  • Deprecated protocols
  • Information disclosure
  • Code injection
  • Denial of service
  • Data encryption in network connections and other checks

MOBILE

Weak Server-Side Control
NNTC will evaluate the adequacy of the server-side controls.

Insecure Data Storage
NNTC will evaluate the adequacy of data storage in the mobile application.

Insufficient Transport Layer Protection
NNTC will evaluate the adequacy of the transport layer protection security measure.

Unintended Data Leakage
Sometimes developers unknowingly reveal sensitive data through log files or through error messages.

Poor Authorization and Authentication
Often, access to resources held by sensitive activities is not properly authorized.

Broken Cryptography
This allows an attacker to decrypt the data captured over the network.

Client-Side Injection
NNTC will evaluate the adequacy of the Server-side injection control.

Security Decisions via Untrusted Inputs
NNTC will evaluate the adequacy of the application’s input controls.

Improper Session Handling
Such a flaw allows an attacker to steal the session of a legitimate user and perform malicious activity or steal user data.

Lack of Binary Protection
Lack of binary protection can result in the exposure of application code to the attacker.

YOU WILL GET

  1. Report set, which consists of:
    • Summary – a slide presentation for C-level management with non-technical details or technical terminology.
    • General report – a technical report consisting of general information about the activities that occurred during the penetration test (intelligence, attack scenarios, information on finding vulnerabilities, etc.)
    • Technical details – a detailed description of each stage of the penetration test. This report is the main source of technical information (data from specialized scanners and tools, and also data found manually).
    • Raw data – directory for technical specialists.
  2. Face-to-Face results presentation
  3. Consulting support during the project
  4. Re-pentest after fixing vulnerabilities is included in the scope of services provided
  5. Methodology
