Frequently Asked Questions
The short answer is that if your business processes sensitive data, it is recommended that you test your security on a regular basis. Security is often overlooked by companies, which leads to negative consequences for the business, such as financial losses, reputational damage, leaking of commercial secrets, and other aspects that are critical for your business continuity.
The price for our services is determined when we have sufficient information about the type and scope of the testing that will be conducted. To receive an offer, you first need to fill out our pre-scoping questionnaire, so that we can estimate the resources needed for the testing, after which we will get back to you with a proposal.
The duration of the testing is case-specific, as it depends on the scope of the testing that needs to be conducted. A project can take anywhere from 5 to 30 days, sometimes more.
We do not fix the vulnerabilities that we find ourselves, due to the possibility of a conflict of interest. However, we will consult your team during the remediation of the discovered vulnerabilities. In case you don’t have the capacity to fix them internally, we can refer you to one of our partnering companies, which will take care of them for you.
We work with companies in sectors such as banking, insurance, fintech, eCommerce, telecommunications, online gaming and gambling, and others that process sensitive data. Our work is of a confidential nature and therefore we are not allowed to disclose information about specific companies that we work with, unless otherwise stated by the client.
We have been referred by a number of our previous clients, whose references you can find in SoCyber’s presentation.
There is no official certificate that permits the testing of the security of applications and networks. However, there are strict rules and procedures in place that must be followed at all times. When testing, we make sure to stick to the best industry practices and standards, while documenting each step of the process, as well as the vulnerabilities that we find. When the testing is finished, we compile a report that is sent to the client.
The penetration testing report covers the activities performed during the penetration testing. The report presents the discovered vulnerabilities in two parts:
- Management part, which is intended for the management of the company, and includes:
  - A general description of the security of the systems.
  - The impact that the discovered vulnerabilities might have on information security.
  - Required security measures to address the problems.
- Technical part, which provides an overview for the technical department of the organisation, and contains:
  - Definition and classification of the risk levels used to classify the detected vulnerabilities.
  - Description of the information gathering phase for identifying information systems.
  - Results of scanning and exploitation of detected vulnerabilities: description, impact, criticality, affected asset, proof of concept, vulnerability replication method, and remediation steps.
We have a team of experienced penetration testers, who have between 5 and 12 years of expertise in the field of security testing. Some of the certifications that they currently hold are CEH, OSCP, CCSA, and others.
There are three types of penetration tests that can be carried out: Black Box, Grey Box and White Box Testing. Depending on the structure of your company and the scope of the project at hand, we can consult you on which type of test is most appropriate for your needs.
- Black Box Testing – It requires no knowledge of internal paths, structures, or implementation of the tested software.
- Grey Box Testing – In Grey Box testing, a tester attempts to find security bugs with incomplete information about the software product’s inner code structure.
- White Box Testing – White Box testing provides the tester with knowledge of the application structure and functionality. In other words, the purpose of white box testing is to test the application from the developer’s point of view.