Information security services
Established by Paweł Krawczyk, an information security professional with 20+ years of experience, our information security consultancy offers a broad range of application and infrastructure security services. We operate as an information security collective gathering contractors with various expertise. We are located in the United Kingdom and operate globally, working remotely and on-site.
- Penetration testing of systems of any complexity, from a single-layered websites to multi-tier applications incorporating multi-tier web architectures and physical devices. We tested for major investments banks in the UK, electric grid operators, physical access controls management vendor and dozens of other companies globally.
- Threat modeling and security design including data flows, trust boundaries, qualitative and quantitative risk assessment and standardised catalogue of safeguards for use by our clients’ architects. We use and contribute to major industry standards such as OWASP ASVS.
- Continuous vulnerability assessment of infrastructure and business applications. We have vast experience with designing and deploying DAST, SAST and IAST solutions directly into your Continuous Integration pipeline running along with functional testing. We work with all major CI/CD platforms including Jenkins, Buildbot, GitLab, Travis, BitBucket etc.
- Software security scanners consulting and evaluation allowing you to find the best DAST, SAST and IAST solution at the best price and ensuring it will be not only tightly integrated with your existing pipeline but also produce the best possible results for your development language and framework of choice. We have hands-on experience with products such as CheckMarx, Contrast, HP Fortify, RIPS, Nessus as well as broad range of open-source tools such as SpotBugs, Bandit, Brakeman and others.
- Protective monitoring solutions including network level probes (Snort, Suricata) as well as host-level log analysis and intrusion detection systems based on Wazuh (OSSEC) to which we frequently contribute. We deploy protective monitoring infrastructure to systems composed of thousands of servers in AWS cloud and on-premise environments, including data analysis (ELK), instant alerting (Slack, PagerDuty) as well as design of incident response procedures.
- Systems hardening and security control enforcement. We use and contribute to a number of industry standards such as InSpec and we support all major configuration management systems such as Ansible, Puppet and Salt, on Linux, FreeBSD and Solaris.
We fully support startups and non-profit organisations, offering flexible rates or pro bono services. We accept all major cryptocurrencies.
Please contact us to get a sample report and for more details about our offers.