Information Technologies

Penetration Testing and Security Assessments to Protect Your Business

Are Your Digital Assets Vulnerable to Cyber Attack?

The world of cyber-security is always evolving and adversaries do not rest. In today’s world of e-commerce, personal data breaches, intellectual property theft, and ransomware attacks are more and more common. Therefore, data security is of key importance for the long-term success of an organization.

Responsible organizations invest heavily in protecting their digital assets, but all too often they simply take the security of their assets for granted and do not take steps to test their defenses to ensure that they are still strong and up-to-date.  

Penetration testing by SIQ Ljubljana can help to ensure that your data is properly protected. 

Pentest approach

Our security assessment service is designed to detect potential threats and the related risks to information security. We use our knowledge of advanced persistent threats (APTs) and the tools, tactics and procedures that real malicious actors would leverage, in order to thoroughly test your organization’s cyber defenses. A detailed security assessment/penetration test can help you to:

  • Ensure that every aspect of cyber security is covered
  • Determine cybersecurity level and exposure of critical assets
  • Test your readiness to detect and mitigate cyber-attacks

What you get with pentest

  • Executive summary report
  • Risk analysis based on facts
  • Full technical documentation to recreate findings
  • Tactical recommendations
  • Strategic recommendations

 

Pentest services overview

Our penetration tests are tailored to the specific needs of your business or organization to provide a cost-effective solution. A methodological approach rules out the possibility of a false sense of security and guarantees consistent results, so you can rely on all vulnerabilities having been found.
The suggested organizational structure, project approach, and selected methodology ensure that all procedures and results are carried out and processed according to acknowledged standards and can be analyzed and reviewed.

Security Assessment Goal Benefit

Red teaming

Simulate an adversary and demonstrate how a real-world attacker can achieve their goal. Test readiness to detect, respond to, and prevent real cyber-attacks.

External penetration test

Try to exploit “crown jewels” on external infrastructure (servers, applications, or even people). Provide you with proof of what assets can be compromised by an attacker.

Internal penetration test

Check the effectiveness of internal security controls against an attacker or disgruntled employee with access to internal network resources. Harden your internal infrastructure network and ensure compliance with industry best practices.

Web Application penetration test

Find a vulnerability in an application that enables unauthorized access and modification of data. Uncover application vulnerabilities and identify problems you did not know existed.

Mobile application penetration test

Find a vulnerability in a mobile application that enables unauthorized access and modification of data. Uncover application vulnerabilities and identify security controls you need to implement.

ICS SCADA / ICS pentest

Identify vulnerabilities and threats related to ICS/SCADA systems. Reduce the exposed attack surface associated with critical infrastructure systems.

PSD2 revision

Evaluate your systems to ensure that the proper technical controls are in place for PSD2 (SCA and dynamic linking). Ensure your business follows PSD2 technical standards.

Social engineering

Test employees’ susceptibility to social engineering, identify weaknesses in processes, procedures, and technology with a clear path to remediation. Determine the effectiveness of information security policies, measure and improve the level of information security awareness.

Wireless Technology Assessment

Determine an attacker's ability to gain unauthorized access to your wireless network. Understand wireless network exposure and security level.

Stress tests (DDoS)

Test Internet-facing systems and infrastructure against DDoS and related cyber-attacks. Measure the resiliency of Internet-facing systems and the effectiveness of detection and mitigation solutions.

PCI-DSS certification

Evaluate your systems to ensure that the proper PCI-DSS controls are in place. Ensure your business follows PCI-DSS standards.

Blockchain

Determine the security level of all aspects of the blockchain solution you are using. Ensure your customers' data and assets are safe.

Software review / Functional testing

Check if the software performs only documented functionalities. Ensure software-specific requirements or goals are met.

Malware analysis

Identify the type of malware that lies at the root of a specific incident. Understand the extent of an incident and whether there are any more hosts or systems that could be affected.

IoT and embedded device

Determine the security of IoT devices and their associated services. Understand the threats connected devices can pose to consumers.

Swift Assessment

Evaluate your systems to ensure that the proper Swift Framework controls are in place. Ensure your business follows Swift Framework requirements.

 

IT audit services overview

Information systems are inextricably embedded in all types of an organization’s business processes. Without a reliable, well managed, and safe information system, we can no longer imagine a day-to-day business. IT audits evaluate the information system’s internal control design and effectiveness and can be used as a tool to reduce the possibility of incidents that could affect the confidentiality, availability, or integrity of the data. An IT audit presents a systematic and professional assessment of technical and organizational controls in the organization’s information system. Its purpose is to verify compliance with the rules, standards, and good practices in the field of information technology.

Security Assessment Goal Benefit

Information Technology Audit (COBIT) 

Find controls that reduce the risk and increase the efficiency of your IT.  Develop, implement, monitor, and improve your IT governance and information management.

Information Security Management System Audit (ISO/IEC 27001)

Find out what are the strengths and weaknesses of your organization based on ISO/IEC 27001.  Gain detailed descriptions of the findings and recommendations for improvement of the organization’s IT infrastructure and processes. 

IT Service Management System Audit (ISO/IEC 20000-1)

Find out what are the strengths and weaknesses of your organization based on ISO/IEC 20000-1.  Gain detailed descriptions of the findings and recommendations for improvement of the organization’s IT infrastructure and processes.

Business Continuity Management System Audit (ISO 22301)

Find out what are the strengths and weaknesses of your organization based on ISO 22301.  Gain detailed descriptions of the findings and recommendations for improvement of the organization’s IT infrastructure and processes. 

IT Project Management Audit 

Determine if a project management framework for IT projects is established and operating effectively.  Verify compliance with the rules, standards, and good practices in the field of IT Project Management. 

Software Audit Review (functionality, security) 

Find out what are the functional and security advantages and disadvantages of your software. Gain an independent evaluation of the conformance of software products and processes to applicable regulations, standards, guidelines, plans, and procedures. 

Certification according to eIDAS Regulation 

Implementation of Legislation Provisions of Electronic Identification and certification.  Provide qualified services based on demonstrating compliance with the requirements. 

IT Audit according to local legislation 

Find controls based on applicable local legislation, and gain an independent evaluation.  Gain an audit report with detailed descriptions of the findings and recommendations.

 

Proactive Defense For Your Organization

Our team works tirelessly to stay up to date with the most recent tactics, techniques, and procedures.

We have knowledge of general threats and industry-specific issues and can provide immediate fixes and long-term best practices to maintain the security of information systems.

The team consists of security experts holding more than 30 internationally recognized security certificates and with years of experience in the field. 

 

Let's start a project together

Do you have a question regarding information security? We are looking forward to hearing from you and will get in touch with you right away to discuss further details.