Security Testing

Is your company worried about the security of your systems? Do you fear attacks from hackers, or have you already experienced an attack? Or do you just want a thorough analysis of your entire company's security level? - Then Security Testing is the service you need.

What is a security test?

A security test from Aconiac is the tool you need to secure your company's systems against attacks from hackers. Through our analysis we discover precisely what security issues are hidden in the system and tell you how to correct them, followed by us actually correcting them for you. This way you achieve insight into your system's security level and at the same time ensure your system is secured against potential attacks in the future.

Why should I worry about computer security?

Computer security is one of the areas that is often ignored in budget planning. It is therefore very normal for a company to have several serious security issues which criminals can and will take advantage of.
If you are so unlucky as to become a target of an experienced hacker, even as a small company you can expect relatively large economic losses. These usually consist of lost sales due to downtime, lost sales due to bad PR, salary payment for the people coming in Sunday morning to fix the system and, of course, consultant payment for the professionals making sure the system will not be successfully attacked again. All in all, this can sum up to somewhat large amounts, especially if your company has a big online presence, like e.g. a webshop. It is therefore a good economic decision to consider computer security and beat the criminals to it by getting all computer security problems fixed before incidents occur.

Free vulnerability test

As we know that many companies often have security issues, but are not themselves aware of it, we offer any company the chance to get a so called vulnerability test - completely free of charge. A vulnerability test is basically a security walk-through of a system, with the intention of proving the existence of security issues in the system.

With the help of a vulnerability test your company can get insight into whether there is reason for concern or not, and react accordingly. A vulnerability test is preferably to be conducted at your company, so long as it is within reasonable distance from Aconiac's offices or we have a special agreement with you. But if physically meeting is not a possibility, we still offer to do a free vulnerability test externally and send the results with extensive descriptions and explanations.

If you wish to request a free vulnerability analysis, please use the menu buttons at the top right corner of the page.

Analysis methods

Specific analysis methods vary from project to project, as companies have different goals for security and systems often have completely different setups.
Below, you can see an example of a security test - in this case a website which is analyzed and secured.

Phase 1: Planning and goal establishment

We meet and talk to the client, learn how their system works and try to understand which goals they have for their security. These can be anything from simple risk-deduction to large scale internationally recognized security standards. When goals are set, we will talk to the client and make an execution plan for the security test. What needs to be done? How does it need to be done? How much information is needed?

We normally request a copy of the source code and the database structure (the content is seldom important). We then set up the copy of the source code locally in a closed system, after which we set a third-party pentesting utility to make a full test of the system. After this test has finished, a report is sent to the security consultant automatically.

The security consultant then begins to test the system for the errors stated in the pre-testing report, and also tests a number of alternative attack methods, as automatic pentesting utilities seldom catch every security issue present in a system. The consultant will also try to identify areas where improvements of security is possible.
After the complete analysis is done, 3 reports will be saved. The pre-testing report, another pentesting report from after the errors have been corrected and the security consultant's own report, detailing any extra security issues discovered and a correction log, detailing exactly what was changed in the code.

The changed website will then be tested manually and with automatic testing applications. Any error found is corrected immediately.

We speak to the client again, and present him with the corrected source code. If there are any extra questions or issues, these will be addressed. Last but not least we will speak a bit about security management and the other side of computer security, namely security policies.

The changed source code will then be implemented on the running website and we help the client make sure everything is working perfectly. If any errors are discovered at this point, these will be corrected immediately.

Can you be 100% secure?

A 100% secure system is a myth! It is practically and theoretically impossible. You can, however, speak of acceptable security, which is also what we offer - acceptable security.
What acceptable security means largely depends on what your company's goals are for security. One's preventive measures should always be balanced with one's potential loss, so the individual company's "acceptable security" will therefore vary a lot from case to case, ranging from simple protection from the most basic attack methods, to full scale complex internationally recognized security standards.
Exactly which goals fit your company is something we will evaluate together through an initial meeting before a security test is initiated.
However, no matter what the situation, we can never promise our clients that they have no risk of successful attacks after we have secured their system. We can however state, that the risk will be substantially smaller, all depending on which goals their company has set for security.

Continued Security Testing

Sadly computer security is not a static phenomenon. Each week new attack methods are developed, new security issues are discovered and new criminals emerge to attack one's system. It is always a good idea to test one's system and get it secured, but if you add features or change the system the next week, you could potentially have introduced entirely new security issues, without even knowing. For this reason it will often be a good idea to get your system tested fairly regularly, like e.g. once every 3 months, and thereby achieve a constant high security, which leaves room for development on the company's system.
Testing contracts are made individually for each client, since no two companies have the exact same needs and goals. In general, all contracts will yield relatively large deductions in pricing for each security test and the possibility of discounts on some of Aconiac's other services.
If this has caught your interest, please contact your Aconiac representative for an informal talk about what best fits your company.

Price

A typical security test can be acquired for prices ranging from 850€ excl. VAT.

Aconiac generally uses individual offers, since no two companies have the same needs or resources. We therefore recommend you use the "request an offer" button in the top right corner of the page to get an exact pricing from the get-go.