Security
in a digital world

ISEC is a Polish company providing highly specialised
services and solutions to cybersecurity and
data protection problems

We perform professional vulnerability assessments
of IT systems and applications, and provide
dedicated solutions for information security

Application
Security

Regular security assessments of IT systems
and applications are essential for effective
protection of information processed within them

Penetration Tests

We support our Clients in pursuing the highest IT security standards

We evaluate security level of IT systems and applications. We also test their compliance with client's security requirements. Besides identifying vulnerabilities we verify business logic implementation (e.g. workflows) and security mechanisms (e.g. access control). We have wide experience in testing of solutions in the following areas: web and mobile applications (iOS, Android, Windows Phone), network devices and services, operating systems (Unix/Linux, BSD, Microsoft Windows, OS X), thick-client software, and embedded systems.

Source Code Audits

We provide low-level software vulnerability analyses

Our vast experience in security research lets us carry out in-depth audits of the source code. During such low-level assessments (based on a so-called white-box methods) we can report bugs which are invisible with a high-level approach (i.e. black-box). We are fluent in the following programming languages: C, C++, Objective-C, PHP, Java, Python, and Perl. Our researchers also demonstrate a remarkable level of expertise in discovering backdoors (i.e. hidden methods of gaining unauthorised access to a system).

Vulnerability Assessment

We verify the level and scale of the infrastructure vulnerability

We analyse the level of security of servers and network devices both publicly available and internal ones. We identify and assess vulnerabilities of network services running within the operating systems, network devices and other type of IT equipment. The results are evaluated to sift off the false positives and to bring a valuable and high-quality account of the level of PCs, servers and network devices' security.

Business
Security

Organisation's success depends more and more
on the ability to effectively manage its security

Social-Engineering

We identify weak points in security awareness among the staff

Our assessments utilising social-engineering methods aim at exploitation of human nature vulnerabilities and low security awareness together with inefficient technical security controls. We simulate real-life attacks that show our Clients, how their security mechanisms can be bypassed in order to sneak into their organisation's infrastructure and gain unauthorised access to their valuable information.

Project Support

We share our knowledge and experience to ensure project security

We support our Clients during their projects by providing assistance in defining security requirements, designing secure architecture, implementation of security controls, and verification of systems' compliance with security objectives. We have had many opportunities to work together with software analysts and designers, developers and administrators, as well as laywers, regulatory experts and business units representatives.

Research & Development

We strive to find tailor-made solutions to our Clients' security challenges

Upon our Clients' non-standard requests, we provide innovative solutions based on our creativity and ability to discover. Thanks to our vast experience in various fields (e.g. programming, security research, computer forensics, system and network administration, information security management and auditing), we are well prepared to support our Clients in tackling security challenges, not easily handled with standard procedures or COTS.