Protect your organization from cyber threats!

Increasingly, businesses are becoming victims to cybercrime, with most companies not realizing they have been attacked. The damage is unreversible and results to billions in losses every year.

BOOK A CALL

€ $

OUR PACKAGES

Protecting your organization and employees from the unimaginable is non-negotiable. The price of penetration testing is a fraction of the cost of damages caused by a data breach. Our highly qualified software engineers identify security gaps in your organization’s infrastructure and web applications before hackers do. We ensure your learning management system is secure.

Low Exposure Package

Your Opigno LMS web platform is installed on secure web servers, is not connected with other business applications, and contains little or no personal data.

In addition, your activity does not attract the attention of hackers; for example, there is no online e-commerce section or payments gateway.

This package is essential to guarantee the sustainability of your training activity and the data stored.

It includes:

Checking security of your Opigno LMS installation
Checking update status for Opigno and contrib modules
Checking custom code for vulnerabilities

3 900 €

Choose this package

High Exposure Package

Your Opigno LMS web platform is installed on your internal servers. It is connected with several other business applications. The risk in case of security vulnerability is higher and can affect multiple areas of your business, not just your training platform.

In addition, you manage employee personal data, including learners, employees or customers, and their activities.

Your presence on the Internet and your brand can attract the attention of hackers: the HIGH package is recommended in your case.

In addition to "Low Exposure" Package, this includes :

Checking external integrations for vulnerabilities
Assessment of network architecture, and of vulnerabilities leading to network traffic interception and redirection
Checking for insufficient authentication and authorization in different services

On demand

Contact us

Critical Exposure Package

Your internet presence and your brand are very important and attract the attention of hackers. A cyber attack would be reported very quickly by news sites and your image and notoriety would automatically be degraded.

Your Opigno LMS web platform is installed on your internal servers, it is connected with several other business applications. The risk in case of security vulnerability is very high and would affect several areas of your business, not just your training platform.

In addition, you manage personal data on your employees, learners, billing data or banking data.

The CRITICAL exposure is best matched for this case.

In addition to "High Exposure" package, this includes :

Identification of vulnerabilities within your applications
Simulated attack to improve your security and mitigate risks
Using different models form WhiteBox to GreyBox and BlackBox for maximum efficiency

On demand

Contact us

Custom Exposure Package

You want tailor-made support, we can together establish an offer that will meet your expectations.

Contact us, our experts will be happy to deal with your requests!

The tests carried out by our experts will provide you with the best possible protection against the following risks:

Exposing company, employee and consumer data
Reputation damage
Financial loss
Ransomware
Espionage and trade secrets
Legal challenges and liability

On demand

Contact us

Low Exposure Package

Your Opigno LMS web platform is installed on secure web servers, is not connected with other business applications, and contains little or no personal data.

In addition, your activity does not attract the attention of hackers; for example, there is no online e-commerce section or payments gateway.

This package is essential to guarantee the sustainability of your training activity and the data stored.

It includes:

Checking security of your Opigno LMS installation
Checking update status for Opigno and contrib modules
Checking custom code for vulnerabilities

3 900 $

Choose this package

High Exposure Package

Your Opigno LMS web platform is installed on your internal servers. It is connected with several other business applications. The risk in case of security vulnerability is higher and can affect multiple areas of your business, not just your training platform.

In addition, you manage employee personal data, including learners, employees or customers, and their activities.

Your presence on the Internet and your brand can attract the attention of hackers: the HIGH package is recommended in your case.

In addition to "Low Exposure" Package, this includes :

Checking external integrations for vulnerabilities
Assessment of network architecture, and of vulnerabilities leading to network traffic interception and redirection
Checking for insufficient authentication and authorization in different services

On demand

Contact us

Critical Exposure Package

Your internet presence and your brand are very important and attract the attention of hackers. A cyber attack would be reported very quickly by news sites and your image and notoriety would automatically be degraded.

Your Opigno LMS web platform is installed on your internal servers, it is connected with several other business applications. The risk in case of security vulnerability is very high and would affect several areas of your business, not just your training platform.

In addition, you manage personal data on your employees, learners, billing data or banking data.

The CRITICAL exposure is best matched for this case.

In addition to "High Exposure" package, this includes :

Identification of vulnerabilities within your applications
Simulated attack to improve your security and mitigate risks
Using different models form WhiteBox to GreyBox and BlackBox for maximum efficiency

On demand

Contact us

Custom Exposure Package

You want tailor-made support, we can together establish an offer that will meet your expectations.

Contact us, our experts will be happy to deal with your requests!

The tests carried out by our experts will provide you with the best possible protection against the following risks:

Exposing company, employee and consumer data
Reputation damage
Financial loss
Ransomware
Espionage and trade secrets
Legal challenges and liability

On demand

Contact us

Team

Our team is highly efficient and experienced, made up of dedicated and certified ethical hackers. An effective team that understands the methodology and identifies threats before it's too late. We pride ourselves on our capabilities and are passionate about securing your LMS and building a long-lasting partnership built on trust and reliability.

Certifications

Offensive Security Certified Expert (OSCE)

Offensive Security Web Expert (OSWE)

Certified Ethical Hacker (Master)

Based on cybersecurity world best methodologies and practices

Open Source Security Testing Methodology Manual (OSSTMM)
Open Web Application Security Project (OWASP) Testing Guide
Penetration Testing Execution Standard (PTES)
NIST Special Publications 800-115 Technical Guide to Information Security Testing and Assessment
Information Systems Security Assessment Framework (ISSAF)
Web Application Security Consortium (WASC) Threat Classification
Common Vulnerability Scoring System (CVSS)

Service

Vulnerability Assessment of LMS Installation and Web Application

Our security engineers review the installation and configuration of your LMS and provide a cybersecurity threat assessment. Based on OWASP standards.

More information

Component risk assessment and update status

Our security software engineer will review your LMS to ensure all components are up to date and secure.

More information

Custom code and external integration vulnerability assessment

Our ethical hackers and security engineers will review and test custom-developed code to identify vulnerabilities and provide an assessment report. We will review all external third-party integrations to see if they may result in hostile access to your LMS. Our assessment is based on the 10 best practices of the OWASP.

More information

Strategic external penetration testing

Our certified ethical hacker will perform advanced external penetration testing on your infrastructure to identify various weaknesses that hackers could use to exploit your organization. Our experts test your business for any sensitive data that might already be publicly available.

More information

The Service is designed to reveal security shortcomings which could be exploited to gain unauthorized access to critical network components. These could include:

Vulnerable network architecture, insufficient network protection
Vulnerabilities leading to network traffic interception and redirection
Insufficient authentication and authorization in different services
Weak user credentials
Configuration flaws, including excessive user privileges
Vulnerabilities caused by the usage of outdated hardware and software versions without the latest security updates
Information disclosure

The Service is also designed to provide OSINT or Open Source Intelligence refers to information about individuals or companies that can be freely and legally gathered from publicly available sources.

Model

Security assessment conducted through the Internet by an "attacker" with limited or no knowledge of your system.

Steps

Passive information gathering
Active information gathering (network discovery), including port scanning, identifying available services and manual requests to certain services (SSH, telnet, FTP, DNS, mail, etc.),
External vulnerability scanning and analyzing
Manual vulnerability analysis, including identification of resources without authentication, important publically available information, insufficient access control
Guessing credentials
Exploitation of the vulnerabilities and privilege escalation(if possible)
Develop all attack methods available during testing that have been exhausted.

The analysis is performed using automated tools as well as manually by experts. The following security assessment tools can be used:

Information gathering tools (Maltego, theHarvester, FOCA etc.)
Various general-purpose and specialized scanners (NMap, OpenVAS, WPScan, nikto, w3af and others)
Credentials guessing tools (Hydra, Medusa, potator and others)
Web application security tools (OWASP ZAP, BurpSuite, Sn1per, SQLmap, etc.)
And others, including limited access exploits and custom exploitation tools

Results:

Following the service, customers receive a report containing the following:

High-level conclusions on the security flaws and recommendations to remediate them;
A detailed description of detected vulnerabilities, including severity level, possible impact on the vulnerable system, and evidence of the existence of vulnerabilities (where possible);
Recommendations for eliminating vulnerabilities;
Recommendations on mitigating the identified issues;
Detailed description of information that was detected concerning your organization.

Based on cybersecurity world best methodologies and practices:

Open Source Security Testing Methodology Manual (OSSTMM);
Open Web Application Security Project (OWASP) Testing Guide;
Penetration Testing Execution Standard (PTES);
NIST Special Publications 800-115 Technical Guide to Information Security Testing.

Assessment

Information Systems Security Assessment Framework (ISSAF);
Web Application Security Consortium (WASC) Threat Classification;
Common Vulnerability Scoring System (CVSS).

Web application and API penetration testing

Our ethical hackers and application security engineers test your web applications and APIs to identify security vulnerabilities that exist within a web application and API.

More information

The service is designed to identify vulnerabilities within your applications, from low to high risk, via a simulated attack to improve your security and mitigate risks.

The testing includes the entire application or just specific areas of functionality. Our approach allow find many types of vulnerabilities on the areas we assess:

Authentication
Authorization and access control
Cross-site scripting (XSS)
SQL and other type injection vulnerabilities
Cross-site request forgery (CSRF)
Server-side request forgery (SSRF)
Insecure file upload
XML-related issues
Unsafe deserialization
Business logic flaws
Unnecessary information disclosure

Model

Black-box testing;
Simulating an external attacker without prior knowledge of the application's internal structures and workings;
Grey-box testing;
Simulating legitimate users with a range of profiles;
White-box testing;
Analysis with full access to the application's source codes.

Steps

Gathering Information;
Conducting reconnaissance activities to locate information leakage, identifying utilized technologies, map application entry and functionality, and other related tasks to guide testing;
Vulnerability scanning and analyzing;
Automated scans and manual tests to discover flaws in the application which could be exploited. Deep-analysis of vulnerabilities via typical hacker's techniques, such as banner-grabbing, HTTP header analysis, brute-forcing of login pages and examination of web forms to identify locations in the application that may be open for exploitation;
Exploitation of vulnerabilities;
Providing attempts to establish access to a system or resource by bypassing security restrictions and weaknesses in the design and development of your application. This sometimes encompasses user privilege escalation when available in your application and includes a range of techniques such as various injections, cross-site scripting (XSS), insufficient authorization and others;
Analysis and Reporting;
Analyzing the results and providing a detailed exploitation report identifying any vulnerabilities discovered;
The analysis is performed manually by experts and using automated tools hackers use.

Results

Following the service, customers receive a report containing the following:

High-level conclusions on the security flaws and recommendations to remediate them;
A detailed description of detected vulnerabilities, including severity level, possible impact on the vulnerable system, and evidence of the existence of vulnerabilities (where possible);
Recommendations for eliminating vulnerabilities

Our methodology based on cybersecurity world best methodologies and practices:

Open Source Security Testing Methodology Manual (OSSTMM);
Open Web Application Security Project (OWASP);
Web Application Security Consortium (WASC) Threat Classification;
Penetration Testing Execution Standard (PTES);
NIST Special Publications 800-115 Technical Guide to Information Security Testing;
Common Vulnerability Scoring System (CVSS);
Information Systems Security Assessment Framework (ISSAF);

Reports and information

A comprehensive assessment report detailing the tests performed, hack simulations, penetration testing, vulnerabilities and findings that threaten your organization, along with actionable recommendations.