Ethical Hacking

Whiteshield, a company specializing in IT security, was established by a group of ethical hackers with one common goal in mind; revealing the true nature of the customers’ infrastructure from a security perspective. What we aim to achieve is no less than a comprehensive vulnerability assessment through a set of methodological disciplines, including scoped security assessment, penetration testing and even social engineering.

Our expertise lies in delivering professional technical guidance for our clients, so that they may effectively strengthen their systems, thus preventing sensitive information from being compromised through a possible attack.

What is Ethical Hacking?

It is a well known fact that all IT systems are threatened by vulnerabilities as they are discovered in a daily manner.

Planning for and handling these risks is becoming more important than ever for decision-makers.

Consider the possibility of one or more of the following:

  • a competitor gaining access to the company database and being able to make modifications to sensitive data
  • protected information becoming publicly available for phishing robots lurking around the internet
  • a third party, other than the sender and the intended recipient, gaining access to corporate e-mail
  • an outsider logging in on the company‚Äôs internal network via WiFi nearby in the street
  • the company website being re-structured or falsified to bring discredit or mislead visitors

Could it be possible that any of these have already happened? Even worse: what if it is continuously occurring, but simply no one is aware of it? Such incidents may happen more often than one might dare to think. Unfortunately, most victims would not even realize a penetration or permanent stay of a stranger in their system until sensitive information has already leaked, causing unexpected damage to business value.

In short, Ethical hacking is nothing more than a simulation of a real hacking attack. Our experts are equipped with the same set of skills and tools as the malicious hackers are, those who are in the daily news, accused of committing cyber crime.

Our team consists of ethical hackers with expertise in information security. After careful planning and negotiation with the customer, we attack a commonly defined scope of the infrastructure or application in order to reveal possible weaknesses and vulnerable points that could present easy targets to actual unwanted attacks.

Our projects often result in a shocking outcome to the principals. This is why our service consists not only of penetration testing, but we are ready to actively participate in eliminating the security gaps that have been revealed. We offer consultancy and support in refactoring of certain infrastructure or software components and in the phase of specification if requested.

Ethical hacking – what we do

During the assessment we simulate a real hacking attack; we act and think as a malicious attacker would, using similar tools to explore and assess how safe the corporate IT infrastructure is, and what information or data one may gain access to.

Our specialists deliberately seek out all available information online as if the company was a subject to study. Through the eyes of a hacker, a detailed structure is built, technologies and solutions of the customer are explored, security risks and threats are found. Not only do we go through well-known vulnerabilities that are published on the internet, but we explore the update policy and security footprint due to the lack thereof, as well as unintended gaps or results of human negligence. Custom-developed services and solutions are assessed with special care on typical design failures.

Below is a list of deliverables that should be expected at the end of a project:

  • Prioritized recommendation list with the steps needed to be taken in order to eliminate all risks and strengthen your systems
  • Executive summary to describe the current state and the risks in a non-technical language
  • Technical summary on the security gaps for developers and system administrators
  • Detailed and itemized report on the assessment

Once again, our primary objective lies not in finding one soft spot to penetrate through and compromise the system, but to uncover each and every brick that came loose to weaken the whole structure, to document these findings and make recommendations on how to eliminate them most effectively.

External vulnerability assessment

System Pentest for Business

Internal vulnerability assessment

Internal Network Security for Business

Vulnerability assessment of complex web applications

Web Application Hack for Business

Application Security Testing

Application Security Test for Business