Cyber security is a fairly new and not so well-known area of IT security. Hackers are usually one step before the companies and can easily cause serious money, data and reputation loss to companies. With our services you can prepare and fight against these threats successfully. Reduce your companies exposure with our different cyber security services powered by secdeveu.
Vulnerability assessment and penetration testing is the most common practice of testing the security of applications. The goal is to examine the weaknesses and vulnerabilities of up and running applications in an environment almost identical to the production. The testers (aka ethical hackers) use attack approaches most closely resembling those supposed to be used by the potential hackers.
There is no one baseline that a software should comply with in order to be secure. There are such standards like OWASP, ASVS which sets baselines to assess the security of (web) applications, but in any given case the understanding of the actual business case, operational risks and technical environment greatly helps proper security testing. The vulnerabilities and weaknesses of software must be understood in real-life context. What are the possible cases of misuse of the application? What gains attackers will pursue? What motivation/budgets may the potential adversaries have? Possible questions of this nature should be clarified before the technical testing begins. One of the most effective ways to find weaknesses and vulnerabilities of an application is to look at its code and talk to its developers.
With our trainings we can help to improve the cyber security knowledge in your company. We can provide you tailor-made courses on several different topics hosted by the best experts from the profession. We will teach you how to fish, instead of giving lessons the species of fishes. We do trainings on Java/JEE, Javascript/React/Angular, Node.js, iOS/Android, C#/.net, C++, Golang, Python, Kotlin and PHP secure coding, IoT, docker, AWS and mainframe security, also S-SDLC (secdev playbook), CI/CD pipeline (security testing automation and vulnerability management) and even about testing with Burp for devs. Our courses are mostly structured around the OWASP Application Security Verification Standard (ASVS), and are based on cloud-hosted exercises and do-it-yourself tasks.