Certified Penetration Testing

The world of cybercrime is advancing at pace, which presents an ever-growing range of threats for every external facing system in a company irrespective of size, location, industry, budget or resource. That’s why penetration testing – or pen testing – has grown to become one of the most popular system security services offered by our highly accredited engineers.

We will test and enhance your web and mobile application security, alleviating the risk of a successful security breach.

What is a Penetration Test?

A penetration test is a secure way to gain assurance of your system security using the same tools that an attacker may use to find vulnerabilities in your security.

During a web or mobile penetration test our certified ethical hackers attack your assets from an intruder perspective, focusing on identifying vulnerabilities in your system, and advise you on how to fix them, before hackers exploit them.

Why Conduct Security Testing?

Reduce Risk

Risk aversion is key when protecting sensitive data or critical infrastructure. The negative impact, financially, to your clients and your business reputation can be irreversible if your system falls victim to a cyber attack.

Compliance

If security governance and information security management is regulatory in your industry then third party pentesting could be mandatory for you to be compliant. We can provide testing for PCI DSS, HIPAA, ISO27001, SOC 2 and other governance.

Customer Requirements

Assure customers that your product meets security standards giving them confidence that their data is safe.

We are thrilled with IDS Group’s pentesting service. The team were professional and tenacious at every stage of the process, committing attention to detail and unswerving support throughout with consistent communication at every stage. Post assessment we utilised their expertise working with our team to fix all vulnerabilities found, making them security partners, not just pentesters.

Luke Allen
Managing Director, eviFile

Accreditations & Certifications

The extensive knowledge and expertise of our specialists are confirmed by the most respected cyber security certifications and accreditations. These are held by the company and independently by individual experts within the team.

Our cyber security experts

The human factor remains the most important part of security testing. That’s why our certified security experts are rigorous, challenging and passionate about what they do. Using only white hat penetration testing techniques, we’ll typically:

Gather information about the target
Locate possible entry points
Attempt to gain access
Test the disaster recovery strategy
Collate our findings on all identified weaknesses
Devise a proposed security roadmap
Work with IT leaders to implement our recommendations and eradicate current vulnerabilities.

**Denis Koloshko**

Chief Technical Officer

An expert penetration tester who describes his ‘dream job’ as the one he has now, Denis is a highly-qualified security consultant with over 15 years’ IT experience, 11 Microsoft certificates and two philosophy degrees!

**Veronica Yudina**

Cyber Security Account Manager

Fanatical about user behaviour and client insight, Veronica adds her system security knowledge to every solution she delivers.

**Sergey Kuluga**

Lead Systems Infrastructure Engineer

Having worked for large organisations internationally, Sergey has amassed 20 years’ experience within the information technology and services industry.

Frequently asked questions

What is our methodology?

Our methodology is OWASP Web Security Testing v4.2

How does our pentest vary from other vulnerability assessments?

Our USP – deep manual penetration testing that allows to discover more than 90% of all vulnerabilities. We also use automatic vulnerability scanning during a pentest and manually investigate each finding.

How much of our service is automated testing vs manual testing?

The testing process is 80% manual and 20% using automated tools. We believe only deep manual testing can achieve high-quality penetration testing results.

How do we eliminate false positives?

Our pentest is a real attack on the app with the same instruments and knowledge that real hackers use. It is rare for our penetration tests to produce false positives due to their manual process. All outputs from vulnerability scanners are analysed manually as well. You will have the opportunity to clarify findings and ask questions after receiving the Pentest report. Rarely it is possible to remove a found vulnerability from the final report or change the risk after discussion with a dev team.

Will/can we exploit identified issues proving more than validation?

Each finding should be reproducible. Sometimes we assemble several vulnerabilities to develop and show scenarios of the most dangerous attacks – exploits are developed sometimes only for such cases.

Success Stories

DIGITAL WORKS MANAGEMENT PLATFORM

Developing the new digital standard for work scheduling and task management

**INNOVATIVE INSURTECH SOFTWARE**

Developing an award-winning insurance customer engagement platform