PENETRATION TEST

Order to be ethically hacked by a team of professionals to discover how to protect your Informational and IT assets.
There is a variety of approaches for penetration tests to be executed. Each of them was designed to fit a particular customer specific need.
The combination of below settings forms a service product:
ATTACK VECTOR:• Internal Penetration Testing• External Penetration Testing​KEY TARGET:• Web site or service• API• Network equipment• Wireless access point• Database• Server infrastructure​ASSESSOR AWARENESS LEVEL: • Blackbox• Grey- or Whitebox​ASSESSMENT TYPE:• Visible. Customer has full information about the time and plan of the test • Implicit. Customer has partial or approximate information about the test• Blind. The only information Customer has is that the test is being planned

SOCIAL ENGINEERING

User is always the weakest point. Test your employee's cyber hygiene skills and their ability to resist APT
We believe that Social Engineering is a state-of-art in much higher degree rather than just a common set of testing practices.
At Cyber Clew we respect and rely on the industry standards and recognized best practices, still applying the out-of-the-box thinking approach.
More than 80% of successful intrusions happen with the help of spare phishing attack, which allows to gain access to the user credentials and eventually get into the protected perimeter.
The ultimate goal of a social engineering is to trick users into making security mistakes or giving away sensitive information using a psychological manipulation.
By studying openly available data over internet, including social networks, forums as well as dark web, our engineers design a sophisticated plausible scenarios of target mailing, making the victim to believe that the received content as well as the sender are legitimate.
Such human resistance tests are vital for a sustained cyber security ecosystem development for any organization.

SOURCE CODE ANALYSIS

Address security flaws on the early stage and save resources on the counter measures implementation
Have you ever considered that the most cost effective way of mitigating the risk of vulnerabilities is to get rid of them during the first stages of your SDLC?Companies invest millions of dollars annually, trying to purchase complicated cyber security software and hardware solutions, which address code development mistakes and typos.
IF YOU OWN A SOURCE CODE OF YOUR APP OR HAS A PERMISSION TO CHECK IT, CHALLENGE IT'S SECURITY BY:• Reviewing the architecture of the overall solution• Semi-automatic analysis of the final build including frameworks and the code itself• Applying manual validation and human-eye review• Detection of backdoors• Checking API calls misuse
FINAL REPORT INCLUDES:• The list of critical vulnerabilities to address• Detailed recommendations on how to correct the code• Code optimization recommendations• Risk assessment and possible attack vectors• Repeated scan once the developers have corrected the code