Penetration testing
Proactively defend yourself.
Unauthorized access to company resources is a serious and growing concern as attack surfaces grow.
As real-world adversaries evolve every day to exploit vulnerabilities, organizations must adapt testing approaches to understand how their networks would perform against skilled adversaries.
Why do it?
A penetration test identifies and demonstrates vulnerabilities.
It gives you new understanding and strategies for strengthening your security posture against cyber threats.
Penetration testing helps identify security gaps.
Answer important questions.
Could an attacker enter my network?
How far could ge go?
Could I detect them along the way?
Once compromised, what else can they access?
Get insurance by testing internal and external security controls, including protections around high-value systems
Determine security compromise indicators
Receive a possible course of action for remediation
Meet compliance requirements, including PCI 3.x, FFIEC, and HIPAA. NIS Directive
Why us?
Glorifi is a US fintech that applied an innovative business model, namely financial services brokerage.
The tested system was one of very high complexity.
Sectio Aurea was selected due to the team's experience and the possibility to scale dynamically in emerging fields: Cloud & API Security.
The project required the involvement of 5 dedicated pentesters, who worked full-time for 4 months.
Penetration testing experience
Mentors and team coordinators
Experience applied to large clients in the US, EU
The largest banks in Romania as clients
One of the most advanced capabilities in Romania
Experience applied in advanced research areas
Dedicated top penetration testing team. Some of our experts have almost 10 years of experience in the field of security testing, have formed and coordinated extensive teams, aresubject matter expertsin this domain.
Today, the team is active in more advanced fields for clients from the US, the EU - for example - cyber security research and the development of countermeasures for the detection and prevention of cyber attacks - part of "Special Operations" teams - Counter Threat Unit".
The team of security testers is a very experienced and well-connected one, and they have been working together for about 4 years on complex security testing projects.
People
Unmatched experience.
Authoritative voices and recognized experts.
Business model
Allocation on-demand.
Flexibility and dynamism.
Speed
Our agile approach means faster results without compromising quality.
Simplification
Our expertise simplifies complex challenges.
Effectiveness
We offer value at a competitive cost.
Service summary
Custom engagement rules, including specific engagement goals
Manual process, led by testers, which includes tactics used by actors who threaten the real world
Objective-based methodology
Final reports containing detailed findings and executive summary
What are we doing?
The infrastructure
Wireless networks
Web applications
Mobile applications
people
How do we test?
Black box
A method applied without business-specific knowledge or user access, based only on public domain information and personal experience.
Internal penetration test
A method of providing specific business knowledge, applications, or network infrastructure. This method exposes typical abuses of end-user access rights.
Wireless penetration test
A method in which the ethical hacker expert has extensive knowledge and control over the network infrastructure or application and can perform advanced attacks to discover hidden flaws of business logic in addition to the above.
What do you get?
Security report
Executive Summary
Objectives and purpose of the evaluation
Brief presentation of the methodology used
Description of the context in which the evaluation took place
Individual presentation of the discovered vulnerabilities as follows:
description of vulnerability; vulnerability cataloging; technical description; severity and probability analysis; risk calculation; recommended countermeasures for remediation; Other details and recommendations; Annex with list of security tests performed;
Presentation workshop
The reports provided will be presented to you directly and will be structured in two distinct parts: the executive part and the technical part. The executive section will contain a brief description of the identified problems and vulnerabilities and will use graphical methods (at least diagrams, graphs or maps). The technical part will technically detail the identified problems and vulnerabilities.
Free followup
Represents the stage of verification and confirmation of the removal of the risks signaled in the previous stages, after implementation the measures mentioned in the test report.
Reset vulnerabilities removed
Represents the stage of verification and confirmation of the removal of the risks signaled in the previous stages, after implementation the measures mentioned in the test report.
Our Team - Your Cybersecurity Experts
The team consists exclusively of professionals with an average of over 10 years of experience, coming from complex and mature organizational environments.
With Sectio Aurea, you gain not only services, but trusted partners in cyber security.
Madalin Bratu, founder of Sectio Aurea, with a professional experience of 20 years in IT. His experience covers a wide range of fields, from cybersecurity and IT service management to process management, hardware and software maintenance, and advanced consulting in secure information governance.
Madalin Bratu spent a decade working at IBM, where he contributed to some of the most sophisticated service projects in Central and Eastern Europe. He played a key role as Global Portfolio Manager for Cybersecurity Services at Atos - Eviden, one of the leading multinationals in the field of cybersecurity, managing global cybersecurity projects in areas such as identity management and cloud security. His experience also includes valuable contributions to local companies, such as Safetech Innovations, one of the most dynamic cybersecurity firms in Romania.
Through Sectio Aurea, he offers unique, flexible, and relevant services. The company's business model, refined over nearly 5 years, is based on an innovative concept - that of microservices. Madalin is accompanied by a carefully selected team of experts and authoritative voices in the field of cybersecurity (CISO, DPO, CIO, architects), with whom he has built a healthy professional relationship through successful projects. This relationship has led to the optimization of an innovative delivery method (microservices in audit and consulting). These experts are actively involved in solving the challenges you face, ensuring customized and high-quality solutions.
Madalin has served many clients as a consultant in the implementation of the NIS Directive across various sectors (water companies, banking, utilities) but has also participated as a certified NIS auditor in various audit missions in complex or difficult-to-analyze environments. Most of his clients recommend him from the level of general director to IT Managers, Security Managers, and technical managers.