Securitum is a consulting company specialized in the security of IT systems. We have experience in performing all kinds of penetration tests, mainly for the financial, e-commerce and industry sectors. We have performed penetration testing services for leading European banks (written references available).
Thanks to our experience and internationally recognized team, penetration tests are delivered with broad insight, strong results and short turnaround.
Web application pentests
Web application penetration tests, done using a blackbox method (without access to source code or configuration). Tests are performed manually, with tools in an assisting role only.
Internal infrastructure (LAN) penetration tests. These verify local network security, finding weak points and identifying the assets that need to be protected or fixed. Tests are performed from an internal access point, covering disgruntled-employee and malware scenarios.
Source code analysis
Whitebox source code analysis, done as a supplement to basic blackbox testing in the later stages of security audits.
Remote infrastructure pentests (VPN)
Remote infrastructure tests (VPN): penetration tests of remote work access infrastructure (VPN). The goal of the project is to find and verify security vulnerabilities in the remote work access infrastructure. Tests are performed manually using blackbox and, in later stages, greybox methodology.
Server infrastructure configuration audit
Whitebox manual audit of server infrastructure configuration. Tests cover general operating system configuration and selected server software components (e.g. SQL databases, WWW servers and many others).
E-commerce web platform penetration tests, done in a blackbox manual mode. The project covers the web application pentest scope, extended with aspects relevant to the e-commerce platform/application group.
Wi-Fi infrastructure: wireless infrastructure penetration tests, executed in a blackbox manual way (no prior knowledge of architecture or configuration).
Distributed Denial of Service tests. These cover simulation of several attack types, e.g. floods, HTTP/application-layer attacks, slow attacks, SSL termination exhaustion and others.
Cloud infrastructure pentests
Cloud infrastructure (AWS, GCP, Azure): a broad range of cloud infrastructure penetration tests and audits. The goal of the project is to verify the cloud environment configuration from a security standpoint. During typical tests, great emphasis is put on network, authentication and logging configuration. Tests are performed in whitebox manual mode and are often supplemented with VM and container pentests.
Organization reconnaissance (OSINT)
Manual blackbox information gathering. The goal of the tests is to acquire as much classified information as possible (e.g. company infrastructure, network intel, private data) from publicly available sources (so-called passive OSINT), then verify it from external network points (network tests) while attempting to gain access to confidential information (the final goal).
External infrastructure (WAN) penetration tests, done from the external network point of view. Tests target and verify potential intrusion points as seen from the internet, showing an intruder's ability to gain access to internal company systems.
Mobile applications pentests
Mobile application penetration tests, during which (in blackbox, manual mode) auditors test both the client and server components of the application. Tests cover both iOS and Android platforms and, if requested, also the mobile app source code.
System/application performance testing, done as a real traffic/work simulation to find and show application weak points from a performance perspective.
Workstation hardening
Whitebox manual audit during which the configuration of employees' workstations is verified. Manual analysis of potential vulnerabilities and security problems helps detect configuration errors with security implications. Tests of this type are critical for remote organizations, since remote networks cannot be fully protected in WFH scenarios.
Pentests that are based on a predetermined scope, schedule and price.
Time & material
Pentests based on the actual time the auditor spent on the project.
Among other things, we audit the newest IT architectures, including GCP, AWS and Azure pentests, also covering cloud web deployments and API backends of any scale.
Our team holds numerous awards and security certificates (CISSP, CEH, OSCP) and we’re invited as speakers to multiple conferences every year.
We have been published on world-famous portals such as The Register (UK), Heise Online (Germany), Security.nl (Holland), der Standard (Austria) and Slashdot (USA).
We have been on the market since 2009
Top European banks are our customers
We also work on-premise if needed
Internationally recognised team (Google’s 0x0a!)
Multiple CVEs found and reported
We freely share our cyber education publications