Cyber Security
In a world where we put more and more of our and our clients’ lives in the Internet and manage it digitally, the cyber security is a must. A huge number of new coming technologies, such as Big Data, IoT, Blockchain, etc., makes it even more challenging to deliver secure products. Thus, security must be combined in the whole process of product development.
Entegrio’s security team delivers a comprehensive IT security services to defend your products from various types of threats in all development phases, from the consulting in the design phase to the penetration tests of implemented solutions. We have experience confirmed by many audits and applications carried out in the generally accepted „responsible disclosure” procedure.
Whether your product is a web, mobile or desktop application, whether it is an enterprise application, startup or a legacy system, Entegrio offers quality and cost-effective security audits and consulting because of our expertise in the field, a robust and transparent process suited to your needs. Our team consists of experts across a wide range of architectures, technologies, platforms and devices.
Entegrio’s security services:
- Application and infrastructure security audits
- Penetration tests of mobile, web and desktop applications and devices
- Evaluation and consulting of security measures and cryptographic solutions and analysis of the correctness of their implementation
- Reverse engineering and malware analysis
- Source code review for security and logic errors
- and more...
We perform penetration tests for:
- Infrastructure
- Web (including API)
- Mobile (including Android and iOS)
- Cloud (including PaaS, SaaS)
- Desktop (including thin and thick clients)
- Blockchain (including smart contracts)
- Internet of Things (IoT)
Our tests are compliant with the requirements for PCI DSS certification.
Infrastructure security
The basic step of security assessment in the organization is the network penetration test. It allows for a relatively quick assessment of the network security as a whole. The aim is to assess the IT environment for known and unknown vulnerabilities that compromise the security of information processed by the organization.
During the penetration test we assess the following:
- Security of network devices and its services
- Vulnerability to the known network attacks
- Configuration of the newtork services
- Communication security
- Access to the restricted area from public
- Effectiveness of protection mechanisms
- Enumeration of intruder devices
Our team creates a proof of concept if needed to confirm the possibility of obtaining unauthorized access to key resources of the network - for example, we gain the rights of a domain administrator with privilege escalation vulnerability.
Web application security
Modern websites allow processing and storing of sensitive customer data (e.g. PII, credit card numbers, social security information, etc.) for immediate and long-term use. This is done using web applications with features such as login pages, many types of forms, shopping carts and content management systems which provide businesses with the means to communicate with their potential customers.
On the other hand, new attack types and vectors appear every day, making companies, communities and individuals take security more seriously than ever before. Entegrio’s team is here to help with the security assessment of the following components and features in your web applications:
- Application architecture
- Authentication and authorization process
- Session management
- Input data validation
- Cryptography
- Error handling
- Data protection
- Communication
- Business logic
- Configuration
We base our tests on the methodologies and standards provided by the globally known OWASP foundation, such as Application Security Verification Standard (ASVS).
Mobile application security
Market research shows that mobile devices are the basic device for communication and operations. Therefore, mobile security plays an increasingly important role in the protection of information assets, and this applies to both home and corporate users.
Our tests verify the correctness of the following aspects in the mobile security:
- Design and Architecture
- Data Storage and Privacy
- Cryptography
- Authentication and Session Management
- Network Communication
- Environmental Interaction
- Code Quality and Build Setting
- Resiliency Against Reverse Engineering
We base our tests on the methodologies and standards provided by the globally known OWASP foundation, such as Mobile Application Security Verification Standard (MASVS).