Our Services

Security audits and penetration tests are among the most effective methods for verifying the practical security level of IT systems and their components. They also represent one of the most frequently performed services by our company. Since our founding in 2010, we have conducted hundreds of security audits and penetration tests for web applications, mobile applications, IT infrastructures, and VoIP systems.

Our audit and testing methodology relies on internationally recognized norms, standards, methodologies, and best security practices, including ISO/IEC 27001, NIST guidelines, OWASP, CIS, as well as our internal Prevenity methodologies.

The professionals overseeing and supervising our audits and tests have extensive industry experience, supported by certifications such as ISO/IEC 27001 Lead Auditor, CISSP, CISM, CISA, or CRISC.

At Prevenity, we place great emphasis on continuous development and the enhancement of technical expertise. We support this commitment with widely recognized certifications, including OSCP, OSCE, OSWE, and CEH.

Examples of security audits and security (penetration) testing projects completed by our company:

• Comprehensive security audits of electronic banking systems (covering all electronic access channels)
• Security testing of mobile banking systems on popular mobile operating systems (Android, iOS)
• Security testing of micropayment systems, contactless payments, and payments made using mobile Point-of-Sale (POS) systems and cash registers
• Security testing of APIs, web services, and data buses
• Security testing of the SWIFT system
• Security testing of OpenAPI interfaces
• Security testing of industrial IT environments, including SCADA systems
• Source code analysis for financial systems (mobile applications, thick clients, server-side applications)
• Initial compliance audits of organizational processes against ISO/IEC 27001
• IT systems and process compliance verification with Polish Financial Supervision Authority (KNF) recommendations
• Compliance audits of systems with PCI DSS requirements

For insights into the quality of our audits and tests, we encourage you to seek opinions from our clients — many of whom can be found in the security departments of nearly all major banks, numerous insurance companies in Poland, and other large organizations operating within the Polish financial sector.

The high quality of our work is also reflected in the fact that the vast majority of our clients have been working with us continuously for many years.

Our extensive experience shows that even the largest budgets and the best teams cannot entirely prevent successful cyberattacks. For most organizations, especially large ones, it's not a question of "if," but "when" they will become victims of a cyberattack or other security incident compromising the confidentiality, integrity, or availability of their information.

Over the past few years, our company has actively managed over ten major security incidents that posed severe threats to the core business operations of our clients. Among the incidents we've handled was one of the largest cyberattacks targeting the banking sector in Poland—the KNF server incident. During this incident, we actively analyzed and countered the attack within two major Polish banks and shared critical information publicly through our published report.

Additionally, we assisted two clients in mitigating the NotPetya attack in mid-2017, conducted investigative and containment actions following an IT system compromise at a large publicly traded company, and managed an incident on-site within hours after a client's DMZ servers in Ukraine were compromised.

We provided support to two Polish Ministries following internet-originated breaches and assisted a large telecom organization with post-breach analysis of compromised servers. We also analyzed dozens of compromised workstations and servers in cooperation with law enforcement, providing digital evidence related to cybercrimes.