Managed Security Services

Fully-managed, outcome-driven, security services. Offload your management and technical team and focus on your core business.

Offensive services

NPT - Network Penetration Testing

Manual check of the effective security level of an IT infrastructure through the stimulation of techniques and procedures typical of an attacker. A NPT is finalized to the identification of undiscovered security issues that wouldn't be detected by automatic tools. Experience and creativity are summed to the usage of the most qualified methods, such as OSSTMM and OWASP.

PDF NPT In detail
WAPT - Web Application Penetration Testing

Manual check of the effective security level of an IT infrastructure through the stimulation of techniques and procedures typical of an attacker. A WAPT is finalized to the identification of undiscovered security issues that wouldn't be detected by automatic tools. Experience and creativity are summed to the usage of the most qualified methods, such as OSSTMM and OWASP.

PDF WAPT In detail
MAST - Mobile Application Security Testing

A Mobile Application Security Testing activity represents the simulation of an attacker against an application which is directly downloadable from the official stores (AppStore and PlayStore) or provided in an alternative way for internal use. Depending on the type of application and on the level of access obtained, the tester will try to modify the application flow and to manipulate and exploit the data saved locally and on the remote server.

PDF In detail
EH - Ethical Hacking

Attackers don't follow rules and can operate in several different ways in order to reach their goal with minimal effort. Our Tiger Team will analyze the IT infrastructure, procedures, human resources and physical security of the client to discover the leaks and exploit them in order to perform a simulation, as much correct as possible, of what could happen in real terms.

PDF EH In detail

Defensive Services

VA - Vulnerability Assessment

Execution of a series of non-invasive manual and automatic (through open source and commercial software tools) audits of IT infrastructure and web applications. A VA is able to detect possible known vulnerabilities. None of the services that we provide is merely automatic so our VA have a superior quality though keeping reduced cost and time.

PDF VA In detail
CR - Code Review

Application source code analysis aimed to detect security issues and bad precises. CR allow us to detect the majority of vulnerabilities, since it is a White Box activity (where the client provides all the information that are useful for the auditor), even the ones that normally wouldn't be exposed during a WAPT o a NPT. Many of the vulnerabilities that we discovered in our research activity came from the analysis of the applications source code.

PDF CR In detail
TRA - Training

We suggest different training and updating courses for web administrators, system analyst, developers and penetration testers. Training is a fundamental element to increase the security level and the teams awarness on the long run.

PDF TRA In detail