Synesis Stratus offers security assessment (penetration testing) services for web applications, mobile applications and the internal corporate perimeter. Assessments are carried out in accordance with international standards and methodologies, combining automated tools with manual vulnerability discovery performed by offensive security professionals.
The Synesis Stratus Red Team includes offensive security experts who hold the OSCP (Offensive Security Certified Professional) certification.
Using a manual vulnerability assessment method lets you achieve maximum results, close to real attacks on your resources. Only manual vulnerability testing makes it possible to discover "0day" vulnerabilities: vulnerabilities that are not yet known to software developers and hardware manufacturers, or that are known but for which no solutions have been developed. Such vulnerabilities are not contained in the databases of vulnerability scanners, but can be exploited by hackers.
Problems solved:
- discovery of vulnerabilities in applications, including the most dangerous vulnerabilities according to the OWASP Top 10 list, which allow denial of service, takeover of administration functions, data leaks, modification of the application and its data, etc.;
- discovery of vulnerabilities through which hackers could get access to critical infrastructure of corporate information systems;
- providing recommendations to address vulnerabilities.
Methodology:
- OWASP Testing Guide v4;
- The Web Application Security Consortium / Threat Classification;
- Mobile Security Testing Guide (MSTG);
- OSSTMM2 (Open Source Security Testing Methodology Manual);
- NIST 800-115 (Technical Guide to Information Security Testing and Assessment).