We support our Clients in pursuing the highest IT security standards
We evaluate the security level of IT systems and applications. We also test their compliance with the client's security requirements. Besides identifying vulnerabilities, we verify business logic implementation (e.g. workflows) and security mechanisms (e.g. access control). We have wide experience in testing solutions in the following areas: web and mobile applications (iOS, Android, Windows Phone), network devices and services, operating systems (Unix/Linux, BSD, Microsoft Windows, OS X), thick-client software, and embedded systems.
Source Code Audits
We provide low-level software vulnerability analyses
Our vast experience in security research lets us carry out in-depth audits of source code. During such low-level assessments (based on so-called white-box methods) we can report bugs which are invisible with a high-level approach (i.e. black-box). We are fluent in the following programming languages: C, C++, Objective-C, PHP, Java, Python, and Perl. Our researchers also demonstrate a remarkable level of expertise in discovering backdoors (i.e. hidden methods of gaining unauthorised access to a system).
We provide professional assistance in investigations of complex cases, e.g. system compromise or data theft
Deep knowledge of threat actors and their modi operandi enables us to reconstruct attackers' activities and examine IT systems for possible traces of malicious actions. We collect digital evidence following the chain of custody, and perform analysis aimed at determining the time, vector, methods and scope of unauthorised access. We share our knowledge and experience with customers in Poland and abroad, and with law enforcement representatives.
Research & Development
We strive to find tailor-made solutions to our Clients' security challenges
Upon our Clients' non-standard requests, we provide innovative solutions based on our creativity and ability to discover. Thanks to our vast experience in various fields (e.g. programming, security research, computer forensics, system and network administration, information security management and auditing), we are well prepared to support our Clients in tackling security challenges that are not easily handled with standard procedures or COTS.
We share our knowledge and experience to ensure project security
We support our Clients during their projects by providing assistance in defining security requirements (including regulatory ones), designing secure architecture, implementing security controls, and verifying systems' compliance with security objectives. We have had many opportunities to work together with software analysts and designers, developers and administrators, regulatory and business units.
An organisation's success depends more and more on the ability to effectively manage its security
We assess compliance of processes and IT systems with security requirements
We help our Clients improve their processes and IT systems by identifying where they do not comply with internal and external regulations, and by recommending corrective steps. We help manage the associated risks, and draw up and follow a roadmap to compliance. We support our Clients in building and improving the audit function within their organisations.
We evaluate the maturity and security level of processes
We provide services aimed at assessing the maturity of information security-related processes (e.g. access control, 3rd-party supervision), along with evaluating the efficiency of security controls within business processes (e.g. sales, customer care) and operations (e.g. HR, purchasing, communications). We advise our Clients on how to organise IT and information security management in a cost-effective manner.
We identify weak points in security awareness among the staff
Our assessments utilising social-engineering methods aim at exploiting vulnerabilities of human nature and low security awareness, together with inefficient technical security controls. We simulate real-life attacks that show our Clients how their security mechanisms can be bypassed in order to sneak into their organisation's infrastructure and gain unauthorised access to their valuable information.
We collect and analyse hard-to-reach information necessary to solve our Clients' complex security problems
We help our Clients solve unusual and complicated problems that require a non-standard approach and unique skills. Our support aims to fill in the knowledge gaps in wider investigations of cybercrime, data breaches, ransomware infections, dark PR, and other types of crime, unfair competition or just some bad luck.