We hack your software

zero false positives

Expert intelligence + Specialized technology
DXST - SAST - IAST - SCA - DevSecOps
White Box - Gray Box - Black Box
Attacking Web Applications, APIs, Mobile Apps
Client-Server, Servers, Networks, IoT Devices
ICS: Industrial Control System

One-Shot Hacking

The One Shot Hacking service aims to detect and report all vulnerabilities and security issues within one specific version of your application. The rigorous inspection carried out by our team allows us to detect all existing security issues with no false positives.

Hacking techniques

It’s possible to perform source code, application or infrastructure Ethical Hacking. Customers are able to choose which hacking technique best suits their needs to fulfill each system’s required security assessment.

Coverage

Ethical Hacking can be done to achieve specific coverage, variable coverage or full coverage.

Specific coverage refers to a system whose overall size can be assessed (application fields, lines of code, open ports) and where the customer chooses to cover only a specific percentage of the system.

Variable coverage refers to a system whose overall size cannot be assessed and for which a specific scope is predefined (fixed number of application fields, lines of code or open ports). Ethical Hacking ends when the target size is achieved, regardless of the total size of the system.

Full coverage refers to a system whose overall size can be assessed (application fields, lines of code, open ports) and where the customer chooses to cover the entire system.

Severity

Customers are able to decide which security requirements will be tested on each Ethical Hacking (Profiling) through our Rules product.

Customers will know the exact Ethical Hacking severity for each attack (for inspected and non-inspected profiled requirements).

Duration

Duration depends on the size of the ToE attack surface.

Inspection Cycles

One-shot Ethical Hacking seeks to attack a single version of your application; therefore, it has only one inspection cycle on the selected system.

Follow up

Each project will have a project manager, so customers can express their needs before, during and after execution.

Scheduled ethical hacking

After all requirements to start an Ethical Hacking have been met, each attack will have a defined start and end date.

Hacking environments

Customers are able to choose one hacking environment from their available software environments (production, development, integration, etc.).

Highly trained hacking team

Our hackers are certified in practical hacking in real scenarios and have academic backgrounds related to security testing. They are able to perform manual hacking and also use tools to guarantee the reporting of several types of findings, including those with specific business impacts, those regarding insecure programming practices, and those regarding standard alignment and security regulation compliance. This enables us to detect Zero Day findings, all with no false-positive reports.

Exploitation

As long as we have access to deployed applications and customer authorization, we perform exploitation using our own exploitation engine, Asserts.

Critical information extraction

Whenever findings indicate the need to obtain information, information extraction is done to maximize finding impacts without compromising sensitive information.

Infection

Whenever findings allow it, infrastructure gets infected with malicious files in order to get additional information, infect servers and verify network controls. We use Shells and our customized cyberweapon Commands with prior customer authorization.

Daily progress reports

Daily progress reports are sent via e-mail. Reports include coverage, strictness, partial results and overall progress.

Finding follow up using Integrates

Customers can check out finding status during project execution using our Integrates product.

Remediation

Customers can use our detailed remediation guides via Defends.

Reports delivered by secure vault

Final reports are all-inclusive (evidence of security vulnerabilities, remediation, etc.) and are delivered to customers using a secure file transfer website.

Validation meeting

Each Ethical Hacking test includes a meeting with the customer’s technical team to validate reports. If there are any issues, these are addressed. This meeting takes place remotely.

Report presentation meeting

This is a formal executive report presentation including questions and answers. All project stakeholders can participate. It can take place in person or remotely according to the customer’s needs.

Information gets deleted securely

7 days after the customer’s final report approval, all information gathered during Ethical Hacking is deleted securely from all our systems.

Remediation validation

Up to 3 months after the final report approval, customers can request a remediation validation cycle to check whether the findings originally reported were correctly repaired. To arrange this, the customer must provide system access and share final reports once again. In the remediation validation cycle, the system does not get hacked in search of new vulnerabilities.

  • To check on differences between our services and other providers take a look at our differentiators here.

  • To check on differences between our One-shot hacking and Continuous hacking take a look at our comparative here.

