PENETRATION TESTING

We perform penetration tests and vulnerability assessments.

Network Penetration Tests

Network penetration tests are focused on finding vulnerabilities within your network infrastructure. This service goes beyond the network vulnerability assessment. The aim is to demonstrate how vulnerabilities in systems on the network can be exploited with a view to gaining full access to the network environment.

Web Application Penetration Tests

Penetration testing of web applications is important for discovering vulnerabilities and security issues that can be openly accessed and potentially exploited by anyone on the internet. Our penetration testing methodology involves manual testing of the web application by experienced security experts and covers the OWASP Top Ten vulnerabilities.

Mobile Application Penetration Tests

Mobile application penetration tests include reverse engineering of the application, application runtime analysis, traffic flow & encryption flaws, insecure storage, code signing, memory protections, API endpoints analysis as well as fuzzing and exploitation. We will test your Android and iPhone mobile applications to make sure they cannot be compromised. We can also include backend servers in the testing.

Wireless Network Penetration Tests

The Wireless Penetration Testing service involves attempts to crack wireless encryption and authentication mechanisms, setting up rogue access points along with test phishing portals, various man-in-the-middle (MITM) attacks, denial-of-service testing and Bluetooth security tests.

Network Vulnerability Assessments

External network vulnerability assessments are performed on the public-facing elements of your network environment which are exposed to the internet. The vulnerability assessment report will provide visibility of security issues that could be exploited by an attacker to gain access. Internal network vulnerability assessments are aimed at testing the security controls in place to protect against attackers who have gained network access beyond the perimeter security controls.

Web Application Vulnerability Assessments

We perform vulnerability assessments on web applications to discover potential vulnerabilities and security problems. The report will highlight vulnerabilities and security issues that would be easily found and potentially exploited by anyone on the internet.

Social Engineering

Social engineering, in the context of information security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. During a Social Engineering Audit, we can perform tests electronically (computer based). Prior to any engagement, we gather a lot of open-source information online. We will then send a combination of phishing and spear-phishing emails to company staff and record clicks on links, opened attachments and other actions users may perform.

OSINT Cyber Intelligence

We offer an intelligence service to the private sector by proactively monitoring and reporting activity in cyberspace that concerns our client’s interests. We turn all intelligence into an informational product delivered to the client. Our Cyber Intelligence reports are not comparable with classical technical cyber threat feeds or standard security advisories. Our Cyber Intelligence Analysts gather intelligence that is of concern to the client’s business interests and provide comprehensive reports.

Leveraging Bug Bounty Hunting Expertise

Many of our consultants are actively engaged in public and private bug bounty programs for brands like Amazon, Twitter, Facebook, Google, Uber, LinkedIn, the U.S. Department of Defense and others. These are often seasoned and extremely hardened systems and applications, yet our consultants discover and report high-impact flaws in these companies on a regular basis. We are leveraging our bug bounty expertise on hardened systems and applications in our Penetration Testing methodology. One of our founders, who goes under the nickname of “bongo”, managed to achieve 3rd rank amongst hundreds of security researchers on Bug Bounty Hunter: https://www.bugbountyhunter.com/hunter/bongo

Why Codigo Security?
  • Consultants with 10+ years of ethical hacking experience
  • Consultants certified to the highest levels such as OSCP, OSCE, OSWE, GIAC
  • Experience across all industry and government sectors
  • We are an independent third party concerned with finding & fixing flaws
  • No conflict of interest. We are not embedded with hardware or software vendors
  • Dedicated Red Team approach with specialists in all technologies

Have Questions?

Get in touch and we can help you.