IT security audit

We approach services in the field of personal data protection in a comprehensive manner.
By cooperating with our partners in the IT Security area, we can offer our clients the following range of audit services:

  • Network infrastructure penetration tests
  • Web application penetration testing
  • Social engineering tests
  • Audit of compliance with the ISO 27001 standard
  • Audit of the National Interoperability Framework (KRI) + Penetration Testing
  • Individually tailored security tests

The audit team consists of people who hold, among others, the following certificates:

  • CISSP (Certified Information Systems Security Professional)
  • CEH (Certified Ethical Hacker)
  • CISA (Certified Information Systems Auditor)

Network infrastructure penetration testing and social engineering testing

Penetration testing is carried out by a pentester who simulates an attack on the customer’s environment. The purpose of the tests is to check the IT infrastructure’s resilience to external intrusions and cyber attacks.
During network penetration tests, each of the client’s subnets is verified. At this stage, reconnaissance of all active machines is performed, and from them a pool of hosts is selected for in-depth analysis. During the audit, a site visit is made and the security of the server room is verified.
In social engineering tests, the tester impersonates another person or organization in order to persuade the targeted person to perform or abandon certain actions. The social engineering tests that we carry out take the following forms:

  • Direct contact;
  • Telephone contact (vishing);
  • E-mail campaigns (phishing).

Web application penetration testing

Because they are openly available to Internet users, web applications are particularly vulnerable to various forms of attack.
We perform penetration tests of such applications in the form of black-box, gray-box and white-box tests. Their goal is to detect all vulnerabilities in the web application that may cause service stoppages, unintended authorization and other configuration errors.
We conduct tests in accordance with:

  • OWASP Top 10,
  • OWASP Web Security Testing Guide,
  • OWASP ASVS.