A penetration test is an imitation of the actions of a malicious user, or of an attack by a hacker, on a computer system, web application, API or network infrastructure. The aim of such an imitation is to assess the level of security of a system by exploring the possibilities of gaining access to and/or control over the system's features and data, which would pose the threat of losing financial assets and/or critical data.
We offer Cybersecurity Services that enable Cybercrime prevention for Businesses which lack the scale, expertise, or time to do it themselves.
Follow the experience of ICOs and companies that are cyber-protected now!
You may find the answer in the cybersecurity statistics of 2017
of all legitimate websites contain unpatched vulnerabilities.
The cost of an average data breach in 2017.
of cyber attacks target small and medium businesses.
For an average user, a web application is a client-server program in a web browser. For a black hat hacker, a web application is an opportunity to steal sensitive data.
Cyber attacks on web apps range from targeted database manipulations to large-scale network disruptions. Some companies never recover from significant data breaches. Flawed coding or failure to sanitize input to
Hacken web application penetration testing delivers detailed results that include criminals’ attack simulations showing how an attacker can exploit a vulnerability. We combine automated and manual penetration testing to achieve the most accurate result. Automated tools and scanners discover almost all technical vulnerabilities, while a penetration tester identifies logical vulnerabilities.
It takes the excellent technical skills and experience of a penetration testing company to identify complex flaws in the authorization and business logic of a web app. We provide clients with insightful analysis and recommendations on how to eliminate vulnerabilities.
It is pointless to develop an attractive app if there are holes in the servers that store and process customer data. At the same time, completely secure servers cannot save customer data from retrieval or redirection to a remote attacker if an app is insecure.
Hacken’s mobile app penetration testing provides an insightful security analysis of phone and tablet-based apps. A well-balanced combination of automated and manual penetration testing helps achieve the most accurate assessment compared to other pen testing companies.
Our penetration testers identify vulnerabilities that can be misused to steal funds from customers’ and investors’ wallets or to loot funds from an IT company's account, damaging the reputation of the project.
The role of servers, employee devices, and routers is usually underestimated when it comes to corporate security.
In fact, black hat hackers target anything that stores, processes, and transmits personal information.
It is unlikely that an average user is aware of the risks connected with his/her Wi-Fi router. However, a mature company should take into account all possible attack vectors. A company’s network may be at great risk due to a wide range of security flaws, including misconfigured software, outdated software or operating systems, insecure protocols and unnecessary exposures.
Vulnerability research provides comprehensive testing of a company's servers and network infrastructure to ensure that the company is highly protected against a range of cyber threats. Hacken’s white hats will check whether the organization has any exploitable vulnerabilities in networks, systems, hosts and network devices.
Engaging a vulnerability assessment company keeps you a step ahead of black hat hackers. We will reveal possible opportunities for hackers to compromise systems before they are able to exploit them.
First of all, it’s paramount to make sure that systems remain uncompromised no matter what. Since all exchanges are browser-based, an exchange may want to simulate a hacking attempt, i.e. a Black Box test, but for a more comprehensible result, many choose to conduct a Gray Box test.
To test the logic at work, we’ll need to conduct at least 5 buy-sale and/or input-output transactions. Moreover, the testing includes a check of KYC verification procedures and the authentication process, API testing, and testing of WebSockets.
1) Information Gathering
A search for any data about the system, mobile app, or infrastructure through the open sources.
2) Threat Modeling
Based on the collected data, a plan on how to sneak into the system is created.
3) Vulnerability Analysis
Automatic (with the help of scanners) and manual assessment of the system.
4) Exploitation
Using the identified data, specialists try to perform various manipulations to check how criminals can misuse the vulnerabilities.
5) Post Exploitation
Researching what other actions can be performed with the identified vulnerabilities.
6) Reporting
Writing a detailed report on the performed actions with recommendations on how to eliminate vulnerabilities.
There are three types of penetration testing based on provided data and information from a customer: White, Gray, and Black Box.
With the black box model, pentesters have limited knowledge of the network and no information on the customer’s security policies, network structure, operating systems, and network protection in place. With limited details available, an ethical hacker has to penetrate the network as profoundly as possible to detect the hidden vulnerabilities.
White box assumes that a white hat has admin rights and access to configuration files or even the source code of the application or services. Pentesters have access to server configurations, communication logs, and database encryption principles.
Gray box penetration testing combines the two approaches described above. A white hat receives certain details about the network, such as user login details or an overview of the network. Notably, when testing a web app, a pentester tries to discover potential entry points.
We check the possibility of circumventing two-factor authorization, session management, captcha, and other means of protection.
We consider the possibility of input/output of coins from/to user wallets.
We test the possibility of substituting data when placing and buying orders.
We test the security of an account on the crypto exchange. For example, we try to modify account settings, limits, and keys.