Information security consulting and vulnerability assessment, pentest
Comprehensive solutions for digital security
In a world of increasingly complex IT systems and growing numbers of cyber threats, information security is not only a technology issue, but also a business imperative.
Our services are designed to reduce the risks to your business by identifying critical failures and suggesting solutions.
We offer cybersecurity solutions that not only help protect IT systems, prevent data breaches and comply with regulations, but also support business process efficiency and increase the trust of your customers and partners.
Our services are designed to help you achieve comprehensive protection that becomes an integral part of business success through innovation, expertise and a customer-centric approach.
Vulnerability testing - also known as penetration testing (pentest) - is a proactive method of identifying weaknesses in IT systems before they can be exploited by malicious attackers.
What happens after contacting us?
In our experience, effective IT security is achieved by managing the three pillars (processes, technology, people) together, and we most often help our clients by following the process below:
1. Free consultation: understanding needs, goals, options
2. If necessary, a rapid assessment in the form of a 0.5-1 day workshop, on special request
3. Preparation and presentation of a development plan
4. Conclusion of the contract
5. Support within a commonly agreed framework:
- IT security process improvement
- ISO 27001 system implementation
- Vulnerability assessment, pentest
- Related training and support
Our Featured Experts
János Szendi Joó
Kiss Robin
New Year's Eve track
Domonkos Végh
How can we improve IT security in your organisation?
Our staff has decades of experience in information security, vulnerability assessment and ISO 27001 systems engineering, so we can cover all three pillars of information security in harmony with each other, according to your needs and environment, as follows:
PEOPLE
- Awareness and training
- Culture of security
PROCESSES
- Vulnerability testing and pentest
- Incident management plan
- Compliance and policies
TECHNOLOGY
- Network, application and endpoint protection
- Continuous, systematic monitoring
Why is cyber security vital for businesses?
Increasingly frequent cyber security incidents have serious consequences that threaten not only the day-to-day operations of the organisation concerned, but also its long-term survival. The most common challenges faced by companies that suffer a hacker attack are:
Financial losses
Business disruption and service outages can result in significant financial losses, with recovery and remediation efforts often involving unexpected costs.
Legal consequences
Breaches of compliance obligations can lead to investigations and fines by regulators. Customers, business partners or even shareholders can claim damages if they are adversely affected by the incident.
Reputational damage
Disclosed incidents can significantly damage the image of companies that have suffered a cyber-attack; it can lead to a loss of trust from their customers and business partners.
Minimising cybersecurity risks and implementing appropriate protection measures is essential not only to keep your business running, but also to maintain the trust of your customers and partners and to remain competitive in the market.
Building information security systems
In the field of information security, we work broadly along the following steps, which of course depend on the systems and processes operating at the Client:
IT security situation assessment
We will review existing IT security policies as well as unregulated, practice-based IT security processes. Interviews will be conducted as part of the situation assessment, based on which a gap analysis will be carried out against the standard requirements.
Definition and development of information security policy and strategy
We define the organisation's information security objectives in the light of current legislation, the place and role of the information security area in the organisation, and the strategic methods for achieving these objectives.
Preparation of an information security policy
We record procedures that meet the requirements set out in standards and relevant legislation (e.g. Act L of 2013).
Preparation of an IT Business Continuity Plan (BCP)
We define the processes that ensure the continuity of IT services in the organisation.
IT Disaster Recovery Framework and Plan (DRP)
We will develop a policy for the IT tasks to be performed by the organisation in the event of a disaster, and assess the disaster recovery plans already in place for the services provided by the organisation.
Vulnerability assessment
Vulnerability testing - also known as penetration testing (pentesting) - is a proactive method of identifying weaknesses in IT systems before they can be exploited by malicious attackers.
We tailor security assessments to your systems; the most common types of assessment are:
Web application, API vulnerability scan
Security testing of web applications, APIs and chatbots based on the OWASP Application Security Verification Standard (ASVS) and the OWASP Web Security Testing Guide (WSTG).
Mobile application vulnerability scanning
Security testing of Android and iOS applications based on the OWASP Mobile Application Security Verification Standard (MASVS) and the OWASP Mobile Security Testing Guide (MSTG).
Infrastructure vulnerability assessment
Comprehensive security testing of network devices, servers, Active Directory environments, firewalls and VPNs, and cloud solutions. Customised test cases according to the specific infrastructure, industry standards and vendor recommendations.
Thick-client vulnerability testing
Security testing of locally installed applications (e.g. Windows executables) according to professional guidelines, industry standards, development best practices and vendor recommendations.
OSINT (Open Source Intelligence) test
Collecting and analysing information about your company from public sources to minimise the attack surface. We identify potentially sensitive data leaks, online presence risks and security vulnerabilities, and make recommendations to strengthen your defences.
Advice and expert opinion
Answering information security questions and problems that arise in the course of business operations and providing expert advice.
The vulnerability assessment process
Methodologies and standards used
For our security testing, we use the following internationally recognised methodologies and industry standards to ensure the reliability and thorough coverage of our tests.
- OWASP Top 10: List of the most common and serious application security risks.
- OWASP Application Security Verification Standard (ASVS): A checklist of security requirements for web applications.
- OWASP Web Security Testing Guide (WSTG): A comprehensive methodology for security testing of web applications.
- OWASP Mobile Application Security Verification Standard (MASVS): A standard setting out security requirements for mobile applications.
- OWASP Mobile Security Testing Guide (MSTG): A practical guide for security testing of mobile applications.
- CIS Benchmarks: Configuration and security recommendations for IT systems, networks and applications.
- ISO/IEC 27001: Standard for information security management systems (ISMS).
- NIS2 Directive: EU Directive 2022/2555 on cybersecurity requirements.
- Other best practices and specific needs: Custom test cases according to the specificities of the infrastructure or applications.
These guidelines will help you identify the most common and serious vulnerabilities, while meeting current cybersecurity challenges and regulations.
INVESTIGATIVE APPROACHES
Black-Box Test
The investigation is conducted from the perspective of an external attacker, without prior information.
Benefits:
A realistic offensive scenario: The test simulates the point of view of a real external attacker.
Quick set-up: No deep system knowledge or prior information is required to start the test.
Disadvantages:
Limited coverage: The vulnerabilities of the internal components of the system can remain hidden.
Example case:
An external attacker tries to penetrate a company's website without knowing its internal structure.
Grey-Box Test
We work with partial access, from the perspective of an internal attacker, client or user.
Benefits:
Targeted testing: You can focus on the relevant areas because you already have some information about the system.
More efficient than the black-box test: Basic information and access provided in advance help identify potential problems more quickly.
Disadvantages:
Information processing time: Interpreting the data obtained beforehand can take time.
Not a completely realistic simulation: An insider attacker may have more information than is provided to testers.
Example case:
A customer with a user account tries to gain administrative privileges, access sensitive data, or damage the company.
White-Box Test
We have full access to the system (e.g. source code, documentation, architecture), so the testing is done with full transparency.
Benefits:
High coverage: You can test for all possible vulnerabilities, including faults due to internal operation.
Easier to fix: Developers get accurate feedback on where problems are.
Disadvantages:
Time-consuming preparation: A large amount of information is needed to start testing, which can be time-consuming for complex systems.
Overly technical approach: The real attacker's perspective is taken into account less, as not all attackers have this depth of information.
Example case:
Source code analysis is used to identify a faulty authentication mechanism in an application.