We don't just try to react to the customer's requirements, but we look for a solution that will have the maximum benefit.
One Czech bank owned by a foreign owner wanted to test its internet and mobile banking through penetration tests. The bank selected AEC in the tendering procedure.
After executing the entrance analysis of the bank's environment, we proposed an extension of the tests on the bank's other applications and verification of a wider range of possible attacks.
Within two hours, we got several applications into the bank's internal network and gained full access to it. During normal operation we did the same thing within fifteen minutes at the customer information terminals at the affiliates. The breach was very fast due to a number of errors in the applications being used. We proposed their modifications in a way so they would resist possible attacks, and so the bank would not have to substitute them with other applications.
In regard to the number of errors that were found, the IT management asked us to find out if there were any attacks on the network in the past that they didn't know about, and that may have led to customers' data theft. Luckily there was no evidence that could prove that an attack had happened.
The bank not only made sure that its critical data had not abused, but due to the security changes that were made, it should never happen.
The Solution's Description
The penetration tests by the hacker’s attack simulation on the network and application level test the ability of the company's systems to resist real cyber attacks coming from an external environment. It also tests the ability to resist unauthorized attacks by employees, regardless if they act intentionally, or just make a mistake.
The penetration tests help to reveal the deficiencies of the system proposal and its architecture and to identify an undersized capacity of the system's components.
The penetration tests check the secured level of confidentiality, integrity, and availability of data that are being processed by electronic systems.
- Infrastructure Penetration Tests
- Application Penetration Tests
- Wireless Networks Wi-Fi Penetration Tests
- Mobile Devices Penetration Tests
- VoIP Penetration Tests
- Management and Supervisory Control Systems Penetration Tests (SCADA = supervisory control and data acquisition)
- More than 20 years of experience in the field of security in the Czech and Slovak Republics.
- A large team of certified specialists with experience based on hundreds of penetration tests performed on critical applications and large-scale systems.
- We emphasize a manual approach when testing, which leads to the detection of a higher number of errors, particularly in applications in business logic.
- Evaluation of the level of the company's ICT security and real risks' definition in the context of presumed impact on business.
If you are interested in finding out more about how we work, don’t hesitate to ask one of the following companies for a reference. They represent selected and approved recent references only.
- Zuno bank, AG
- ING bank
We regularly provide the security tests for our customers T-mobile, Komerční banka, Česká spořitelna, ČSOB, Volksbank, and Poštovní banka.