Better safe than sorry!
Recent incidents like heartbleed and wannacry have shown the danger of cyberattacks - make sure your IT is safe with the MVPF Security Assessments.
Scope of test1 module (web app or website) on 1 domain.We define the scope together and you receive a custom offer.
500+ automated tests
Manual validation through penetration test
Detailed vulnerability report incl. OWASP Top 10
Solution manual for fixing
Dedicated Security Specialist
Why MVP Factory
Our experts have hacked into NASA, the Royal Navy and earned the Google Security Award.
Automated tests cannot replace an attacker’s mind. We focus on manual testing.
High focus on manual testing keeps our approach flexible. We can react individually to every obstacle.
For every single discovered problem - step-by-step. If needed, we also help you fix them.
Report in clear, non-technical language, so all decision makers fully understand all implications.
Our strictly proven process is certified by ISO, ACE, Cisco, CompTIA, Microsoft
We combine vulnerability assessment and penetration test to not only identify all relevant issues
but also validate them through exploitation.
We scan all network devices, operating systems and software applications in the scope, in order to identify all known and unknown vulnerabilities.
We exploit the found vulnerabilities, to show how far an attacker could get. A real life attack by our experienced team.
We work according to a very well documented and tested methodology.
We sign our NDA
Together we decide which assets to test
Your personalized offer based on agreed scope.
According to our agreed schedule
We provide the solution so you can fix the problem
After 3 months to assure all problems have been properly fixed
From years of experience, we shaped our unique, proven approach
to security assessments.
- Automated tools identify all vulnerabilities - these are then manually validated.
- Two teams check your systems independently to achieve full validity of the results.
- The findings are aggregated into a final report.
- Your in-house team gets time to fix all vulnerabilities.
- In a final re-test, we make sure all issues are fixed to perfection.
To start out we need some information about you and the scope of the assessment. Which and how many domains, subdomains, IPs, mobile and web applications would you like us to test?
Before the start of the test, you will have to sign a letter of consent, where you confirm the ownership of the IPs and applications in the scope and you agree to the following test. Moreover, we are going to sign a statement of work, where we commit to the deliverable within the scope.
We need about 10 days notice from first contact till the beginning of the assessment. The results of a Standard assessment can be delivered within 3 days. A Professional security audit will take approximately 6 days depending on scope.
The deliverables in our security assessments are:
- Complete testing of the systems within the scope at the most granular level
- Realistic attack scenarios which portray actual methods and results of an attacker
- Executive summaries for every technical vulnerability, enabling ease of understanding by other non-technical parties
- Clearly explained step-by-step definitions of each and every vulnerability with different methods and scenarios of exploitation
- Clearly and strictly defined short-term, mid-term and long-term roadmaps on remediation of each discovered vulnerability
- After you confirm that the vulnerabilities in the Professional security report were fixed, a retest will take place, followed by a new security report, containing the status (fixed/unfixed) of the vulnerabilities (only in Professional assessment)
The results will be presented in our Security Report. You can find a sample report including a detailed table of contents here.
We take privacy very seriously and will not hand data to any 3rd parties without your consent.
During the entire process and beyond, we will handle each and every bit of your critical data according to strict confidentiality and integrity standards, according to our NDA. These include:
- Definition of access clearances among the testing personnel and inside the company
- Using high-end encryption systems and algorithms for every storage unit inside the company
- Acting according to strictly secure transmission channels guidelines when reporting our findings
- Ensuring safe and secure deletion of all traces and remains from a security testing service upon completion
Let us hack you before they do!
How secure are you? Let’s make sure your data is safe!