Penetration testing

Want to know how to head off a hacking attack? Take advantage of our certified security specialists’ long experience and allow them to carry out a prearranged “hack” of your systems, during which they will seek out security vulnerabilities which could result in leaks of sensitive information. The test deliverable is a detailed final report which will serve as a guide to designing better security. Below, you will find the most common types of tests, which we always adapt to the specific needs of our clients.

Website/web application testing

This is intended for both small websites and complex portals. We will sniff out known vulnerabilities according to the OWASP standard as well as those emerging from application logic errors (login, checkout, etc.). We utilize state-of-the-art software tools complemented by our hackers’ expert skills.

Mobile application testing

Do you have a mobile application that handles personal data? Does the app process financial transactions, or do you want to verify its quality from a security perspective? Our ethical hackers will prepare a detailed analysis of the application according to OWASP Mobile Security methodology.

PCI DSS (Payment Card Industry - Data Security Standard)

Companies processing payment card transactions should regularly test that their systems meet the requirements of the current PCI DSS standard. Citadelo has carried out dozens of these tests, and we would be happy to help you secure this sensitive client data.

Internet of Things (IoT) testing

In addition to traditional IT infrastructure, we also work with devices and web services in the “Internet of Things” category. Today, IoT and smart devices are installed in homes, corporations and industrial settings; however, the security risks connected with them are severely underappreciated.

Social engineering

Testing security measures through social engineering is an increasingly popular test which makes use of various manipulative techniques to gain access to a facility or to computing infrastructure. Typical scenarios include sending phishing emails, planting malware on removable media, or attempting to obtain sensitive data via a telephone conversation.

Source code review

This service combines automated source code testing by specialized software with a subsequent detailed examination of the results by our specialists. A recommended component is consulting with regard to how to properly design the architecture of your software project so that it meets IT security requirements.

Red Teaming

Feeling confident about your overall security level? Afraid of nothing? Want to experience the closest thing there is to a real world organized hacker attack? Then a Red Team assignment is what you are looking for. You name an objective (like "Data from CRM") and the limits ("Don't steal the server please"), we perform the reconnaissance, prepare an attack plan and execute it. Over the internet, or by gaining access to the building, we always try to find a way.

How can I help you?
Tomáš Horváth
I’m ready to help.