Penetration testing

Penetration test of a web application

Want to make sure your new app is secure? We’ll test it in accordance with the OWASP methodology. After ordering, we’ll get in touch and agree on the scope of the test to pinpoint what is and isn’t subject to testing. Then, our team will perform the testing and evaluate your application. The price depends on the size of the application and starts at CZK 52,000 excluding VAT.

Internal penetration test

How resilient is your internal network? Do you have an overview of all the devices connected to it? Do your accounts have strong, uncrackable passwords?

This service will give you an overview of all the nooks and crannies an attacker can get into if they gain access to your internal network. It isn’t uncommon for attacks to originate from the inside in the form of disgruntled employees. All it takes for the attacker to gain access is a misconfigured shared disk, plaintext storage of passwords, or an employee forgetting to lock their computer when leaving for lunch.

We’ll start by setting the rules of engagement and the scope. The testing itself can be carried out via a remote VPN, remote access to a computer in your internal network, or directly on-site. All of these parameters impact the cost of the service, which is determined individually. This service starts at 65 000 CZK without VAT.

WiFi penetration test

Are you aware of what’s “flying” across your network around you? All it takes for an attacker to get in is an unauthorized wireless router connected to your network. Things like these may happen by accident, such as when employees try to extend the coverage of the wireless network.

We’ll audit the settings of your wireless devices and try to gain unauthorized access. In the case of free hotspots, we’ll test whether users gain access only to the internet or whether they can reach your internal network as well. This service starts at 35 000 CZK without VAT.

Why choose us?

Customers are often afraid to “let an attacker into their network.” However, it’s only a matter of time before an attacker finds an exploitable vulnerability and it’s always preferable to have a pentester find it first. The financial costs to cover the aftermath of an attack are more often than not much higher than the cost of a pentest.

  • Experience with pentesting engagements for large companies
  • Contractually defined boundaries and test subjects
  • Discretion

Areas of testing

What are we capable of testing? Today’s IT is broad and complicated, opening up many areas.

  • Networks
  • Wireless networks
  • Mobile applications
  • Physical security
  • Social engineering
  • IoT devices
  • “Red Team”
  • “Client-side” test
  • Web applications

Black-box test

This test is characterized by the tester having no information about the subject whatsoever. It’s used to simulate an unprivileged adversary from the initial access phase to execution and exploitation. This scenario can be considered the most authentic to a real-world attack and demonstrates how an adversary without prior insider knowledge would attempt to compromise your organization. That’s also the reason why this test is the most costly and takes the most time.

Grey-box test

In this test, only limited information is given to the tester, usually login credentials. The test is useful for understanding the level of access that a privileged user might gain and the potential damage they might inflict. The test strikes a balance between depth and effectiveness and can be used to simulate either an insider threat or an attack that has breached the network perimeter.

In most real-world attacks, the attacker will perform reconnaissance of the target environment, which will provide similar knowledge to an insider. Customers often prefer this test as the best balance between efficiency and authenticity, as it eliminates the potentially time-consuming reconnaissance phase.

White-box test

In this test, the tester receives all network and system information, including network maps and passwords. This saves time and reduces costs. This penetration test is useful for simulating a targeted attack on a specific system using as many attack vectors as possible.

Materials

Product sheet for the service