Synesis Stratus offers services that include security assessment (penetration testing) of web-applications, mobile applications and internal corporate perimeter. Security assessment is carried out in accordance with international standards and methodologies while using automated means and manual vulnerability discovery that is performed by offensive security professionals.

Synesis Stratus Red Team includes certified offensive security experts - OSCP (Offensive Security Certified Professional).

Leveraging manual vulnerability assessment method allows you to achieve maximum results, close to real attacks on your resources. Only in the case of manual vulnerability testing, it is possible to discover "0day" vulnerabilities - vulnerabilities that are not yet known to software developers and hardware manufacturers, or are known, but for which no solutions have been developed. Such vulnerabilities are not contained in the databases of vulnerability scanners, but can be exploited by hackers.

Problems solved:
  • discovery of vulnerabilities in applications including the most dangerous vulnerabilities according to the OWASP Top 10 list allowing to perform denial of service, administration functions take-over, data leak, application and data modification, etc.;
  • discovery of vulnerabilities through which hackers could get access to critical infrastructure of corporate information systems;
  • providing recommendations to address vulnerabilities.

  • OWASP Testing Guide v4;
  • The Web Application Security Consortium / Threat Classification;
  • Mobile Security Testing Guide (MSTG);
  • OSSTMM2 (Open Source Security Testing Methodology Manual);
  • NIST 800-115 (Technical Guide to Information Security Testing and Assessment).

    Service stages
    Threat modeling and analysis
    Analysis of the most likely attack vectors with regard to their influence on the information system
    Data collection about technologies used, software versions, platform and applications vulnerabilities
    Developing or applying available proof-of-concepts (PoC) for exploiting vulnerabilities
    Privilege escalation and lateral movement
    Development of detailed technical Report for the Customer
    Providing advice to the Customer on enhancing assets security
    One more penetration test to confirm the elimination of previously identified vulnerabilities