CYBERSECURITY

Protect your business from cyber threats:
a strategic step towards sustainable growth.

Standards:
OWASP WSTG, OWASP MASVS
NIST, ISSAF, PTES

Required documents:
NDA | Security Assessment Agreement

Targets: Web, Mobile, Infrastructure (internal/external)

WEB

Penetration testing of web applications is a process that includes a series of steps aimed at collecting information about the target web applications, searching for vulnerabilities in them, and creating or searching for exploits that can successfully compromise them.

Standards: OWASP WSTG

MOBILE

Mobile penetration testing aims to identify flaws in mobile applications (Android, iOS) so that data leakage or theft can be avoided.

Standards: OWASP MASVS

Infrastructure

A security assessment of an organisation’s internet-facing infrastructure, such as operating systems, cloud services, servers and firewalls, requires specialist testing capabilities.

Standards: NIST, ISSAF, PTES

Our Cybersecurity Audit Methodologies

Black-Box (Closed-Box Penetration Testing)

  • Simulation of an external attacker
  • Perimeter security assessment
  • Identification of externally accessible vulnerabilities

Grey-Box Penetration Testing

  • Partial access to systems
  • Insider attack simulation
  • In-depth analysis of selected components

White-Box (Open-Box Penetration Testing)

  • Full access to all systems
  • Detailed code and configuration analysis
  • Identification of hidden vulnerabilities

Estimation

Conducting an audit requires collaboration and close contact with technical specialists from the client's team. Often their free time is limited, which does not allow the audit to be completed as quickly as possible.

For this reason, the exact time for completing the project is discussed separately with each client.

Web App Audit

Black-Box Penetration Testing

‣  Imitation of a real cyber-attack (APT) without prior preparation.
‣  Without access to internal information.
  • 2-4 weeks
  • 1-2 dedicated engineers

Result:
1. Report with detected system vulnerabilities
2. List of change issues for developers


130 hours

Grey-Box Penetration Testing

‣  Simulation of a real cyber attack.
‣  Some access to internal information
‣  More effective than black-box

  • 2-4 weeks
  • 1-2 dedicated engineers

Result:
1. Report with detected system vulnerabilities
2. List of change tasks for developers
3. Recommendations for platform development to optimize cost, scalability and security in the future


120 hours

White-Box Penetration Testing

‣  Security audit with full information about the system. 
‣  More comprehensive (Less Realistic)

  • 2-4 weeks
  • 1-2 dedicated engineers

Result:
1. Report with detected system vulnerabilities
2. List of change tasks for developers
3. Recommendations for platform development to optimize cost, scalability and security in the future


170 hours

Mobile App Audit

Black-Box Penetration Testing

‣  Imitation of a real cyber-attack (APT) without prior preparation.
‣  Without access to internal information.
  • 2-4 weeks
  • 1-2 dedicated engineers

Result:
1. Report with detected system vulnerabilities
2. List of change issues for developers


160 hours

Grey-Box Penetration Testing

‣  Simulation of a real cyber attack.
‣  Some access to internal information
‣  More effective than black-box

  • 2-4 weeks
  • 1-2 dedicated engineers

Result:
1. Report with detected system vulnerabilities
2. List of change tasks for developers
3. Recommendations for platform development to optimize cost, scalability and security in the future


150 hours

White-Box Penetration Testing

‣  Security audit with complete information about the system. 
‣  More comprehensive (Less Realistic)

  • 3-5 weeks
  • Two dedicated engineers

Result:
1. Report with detected system vulnerabilities
2. List of change tasks for developers
3. Recommendations for platform development to optimize cost, scalability and security in the future


200 hours

Infrastructure & Networks Audit

Black-Box Penetration Testing

‣  Imitation of a real cyber-attack (APT) without prior preparation.
‣  Without access to internal information.
  • 1-2 weeks
  • one dedicated engineer 

Result:
1. Report with detected system vulnerabilities
2. List of change issues for developers


70 hours

Grey-Box Penetration Testing

‣  Simulation of a real cyber attack.
‣  Some access to internal information
‣  More effective than black-box

  • 1-2 weeks
  • one dedicated engineer 

Result:
1. Report with detected system vulnerabilities
2. List of change tasks for developers
3. Recommendations for platform development to optimize cost, scalability and security in the future


70 hours

White-Box Penetration Testing

‣  Security audit with full information about the system. 
‣  More comprehensive (Less Realistic)

  • 1-2 weeks
  • one dedicated engineer 

Result:
1. Report with detected system vulnerabilities
2. List of change tasks for developers
3. Recommendations for platform development to optimize cost, scalability and security in the future


80 hours

Complex Audit

What's included:

‣  Web App Audit
‣  Mobile App Audit
‣  Infrastructure (internal/external)

Standards: OWASP WSTG, OWASP MASVS, NIST

  • 4-6 weeks *
  • 2-3 security engineers

Result:
1. Report with detected system vulnerabilities
2. List of change tasks for developers
3. Recommendations for platform development to optimize cost, scalability and security in the future


250 hours *

* The number of hours may be increased depending on the number of supplementary services and endpoints.

CONTACT US

If you have any questions, please contact us.