Security Audit

Security Audits

We perform a broad scope of technical audits related to cybersecurity: security testing, cloud security, vulnerability assessment, smart contract audits, configuration audits and source code reviews.

See the Competencies of Our Team

Our team identified and responsibly disclosed multiple critical- and high-rated vulnerabilities in popular, globally used products. We received acknowledgements from, among others, the following organisations:

Adobe
Netflix
Mozilla
Google
Apple
Microsoft

Cybersecurity audit

Security audits of IT systems are done to confirm that the infrastructure deployed in the organization fulfils security requirements and does not contain security vulnerabilities that compromise confidentiality, integrity or availability.

Security config review, build review

Config reviews and build reviews are performed on software solutions such as operating systems and services (e.g. HTTP). We verify the security of the configuration against benchmarks such as NIST and CIS and against recommendations from the vendor.

Security code review

Source code audits may be connected with a whitebox pentest or be delivered as a separate service. The code is verified for security vulnerabilities. The analysis is performed manually with aid from automated tools and custom scripting. We have experience in reviewing applications written in, among others, Bash/C/C++/Java/JavaScript/.NET/PHP/Python/Ruby.

Cloud security assessments

Currently most organisations use at least one public cloud (infrastructure as a service, IaaS) provided by Amazon, Microsoft or Google. More and more frequently, public clouds (AWS, Azure, GCP) are mixed with private clouds (OpenStack, local Kubernetes) in hybrid environments. Additionally, cloud environments are often very dynamic and created using an infrastructure as code (IaC) approach developed in CloudFormation or Terraform, and many applications are created using serverless technologies (Lambda, Azure Functions, Google Cloud Functions). In those cases the underlying infrastructure is managed by the provider, but that does not mean the provider is fully responsible for everything (shared responsibility models), so the security of the environment is still a concern of the organisation.

We deliver cloud security assessments of the most prominent public clouds: Amazon Web Services (AWS), Microsoft Azure and Google Cloud, as well as private cloud solutions: OpenStack and Kubernetes clusters. The security analysis is focused on security misconfigurations and compliance with the best practices recommended by the cloud providers. We perform a manual verification of the most crucial elements, such as identity and access management (IAM), critical services, infrastructure code (CloudFormation, Terraform) and readiness to handle incidents in the cloud (logging and monitoring).

Smart contract security audit

Before deploying a smart contract on a blockchain it is important to perform a security assessment to verify that it does not contain security vulnerabilities. In the rapidly developing world of decentralized finance (DeFi, NFT), security issues are actively exploited by black hat hackers, often resulting in significant loss of funds.

We perform white box security assessments (code security reviews) of smart contracts written in Solidity (e.g. Ethereum and EVM-based blockchains such as Binance Smart Chain) and Rust (e.g. Terra and Solana). A security review focuses on issues such as theft and locking of funds, business logic errors, overflows/underflows and reentrancy attacks, to name a few examples. We use a hybrid approach in which auditors perform most of the work by manually reviewing the code, with the help of automated tools performing static and dynamic analysis.

Vulnerability assessment

Vulnerability assessments are performed by automated tools, which identify mostly already-known security bugs for which they have defined plugins. In the next phase, the identified vulnerabilities are manually verified by our pentesters in order to eliminate false positives.

IT security audit

When an IT security audit is needed, we recommend performing the following: config and build review, penetration testing and, optionally, code review. In case of a smaller budget, or if a pentest has never been done before, it might be a good idea to start with a vulnerability scan to eliminate low-hanging fruit.

Remote work environment security review

We perform security evaluations of work from home (WfH) setups. On the user/employee side, system build reviews and configuration reviews can be performed. Additionally, applications used for conference calls, messaging, VPN clients and all other typical apps used in a remote work scenario can be assessed. On the employer side, we can test the security posture of external infrastructure responsible for granting remote access, e.g. VPN servers.

Explore Our Offer

We deliver advanced technical consulting services covering multiple aspects of cybersecurity, from red team to blue team. Thanks to our diverse experience in IT security, we are able to take a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed by certificates, publications, advisories and references from our customers.