This site uses cookies from Google to deliver its services, to personalise ads and to analyse traffic.
Information about your use of this site is shared with Google. By using this site, you agree to its use of cookies.

Better safe than sorry!

Recent incidents like heartbleed and wannacry have shown the danger of cyberattacks - make sure your IT is safe with the MVPF Security Assessments.

  • Standard
  • Professional
  • Scope of test

    1 module (web app or website) on 1 domain.
    We define the scope together and you receive a custom offer.
  • 500+ automated tests

  • Manual validation through penetration test

  • Detailed vulnerability report incl. OWASP Top 10

  • Solution manual for fixing

  • Dedicated Security Specialist

  • Customized tests

  • Re-test

Why MVP Factory

  • Experience

    Our experts have hacked into NASA, the Royal Navy and earned the Google Security Award.

  • Realistic

    Automated tests cannot replace an attacker’s mind. We focus on manual testing.

  • Custom made

    High focus on manual testing keeps our approach flexible. We can react individually to every obstacle.

  • Solutions

    For every single discovered problem - step-by-step. If needed, we also help you fix them.

  • Business language

    Report in clear, non-technical language, so all decision makers fully understand all implications.

  • Certified

    Our strictly proven process is certified by ISO, ACE, Cisco, CompTIA, Microsoft
    and more.

The MVPF
security assessment

We combine vulnerability assessment and penetration test to not only identify all relevant issues
but also validate them through exploitation.

  • Vulnerability assessment

    We scan all network devices, operating systems and software applications in the scope, in order to identify all known and unknown vulnerabilities.

  • Penetration test

    We exploit the found vulnerabilities, to show how far an attacker could get. A real life attack by our experienced team.

Process

We work according to a very well documented and tested methodology.

  • Written approval

    We sign our NDA

  • Scope

    Together we decide which assets to test

  • Quote

    Your personalized offer based on agreed scope.

  • Auditing

    According to our agreed schedule

  • Report

    We provide the solution so you can fix the problem

  • Re-test

    After 3 months to assure all problems have been properly fixed

Our methodology

From years of experience, we shaped our unique, proven approach
to security assessments.

Methodology
  • Automated tools identify all vulnerabilities - these are then manually validated.
  • Two teams check your systems independently to achieve full validity of the results.
  • The findings are aggregated into a final report.
  • Your in-house team gets time to fix all vulnerabilities.
  • In a final re-test, we make sure all issues are fixed to perfection.

Common questions

  • To start out we need some information about you and the scope of the assessment. Which and how many domains, subdomains, IPs, mobile and web applications would you like us to test?

    Before the start of the test, you will have to sign a letter of consent, where you confirm the ownership of the IPs and applications in the scope and you agree to the following test. Moreover, we are going to sign a statement of work, where we commit to the deliverable within the scope.

  • We need about 10 days notice from first contact till the beginning of the assessment. The results of a Standard assessment can be delivered within 3 days. A Professional security audit will take approximately 6 days depending on scope.

  • The deliverables in our security assessments are:

    • Complete testing of the systems within the scope at the most granular level
    • Realistic attack scenarios which portray actual methods and results of an attacker
    • Executive summaries for every technical vulnerability, enabling ease of understanding by other non-technical parties
    • Clearly explained step-by-step definitions of each and every vulnerability with different methods and scenarios of exploitation
    • Clearly and strictly defined short-term, mid-term and long-term roadmaps on remediation of each discovered vulnerability
    • After you confirm that the vulnerabilities in the Professional security report were fixed, a retest will take place, followed by a new security report, containing the status (fixed/unfixed) of the vulnerabilities (only in Professional assessment)

     

    The results will be presented in our Security Report. You can find a sample report including a detailed table of contents here.

  • We take privacy very seriously and will not hand data to any 3rd parties without your consent.

     

    During the entire process and beyond, we will handle each and every bit of your critical data according to strict confidentiality and integrity standards, according to our NDA. These include:

    • Definition of access clearances among the testing personnel and inside the company
    • Using high-end encryption systems and algorithms for every storage unit inside the company
    • Acting according to strictly secure transmission channels guidelines when reporting our findings
    • Ensuring safe and secure deletion of all traces and remains from a security testing service upon completion

Let us hack you before they do!

How secure are you? Let’s make sure your data is safe!