🖖🏼 This is the way

  • Consultants with extensive experience.
  • Maximum agility in delivering results.
  • High-quality deliverables aligned with ISO-27001, RFC-3227, RFC-2196 and RFC-2350.
  • Flexibility during planning and execution.
  • Proximity to the client.

🏢 Industries

  • Tech startups.
  • Retail, e-Commerce.
  • e-Health, m-Health.
  • Telecommunications.
  • Hospitality.

Bespoke services for your company:

Web application and API security audits
Many security breaches start with an insecure web application or API service. Among the main factors that can affect the security of a web service are the use of several different technologies, very short development times (which increase the presence of security defects), and developers' inexperience with security.

The objective of a web security review is to identify those vulnerabilities that may have an impact on business continuity or data integrity, since web applications usually handle sensitive or vital information for the business.

Our audits are performed by an expert consultant, manually, with the support of custom-developed tools for each reviewed application. We go beyond the most common errors cited by the OWASP Top 10 and other best practice guides, assessing other kinds of vulnerabilities that affect modern web development.

With the result of the assessment, our clients can protect their assets and direct their efforts to correct the problems detected, improving the robustness of the application against cyberattacks.

Mobile app security audits
The recent increase in the use of mobile applications for critical business tasks presents new risks for companies, which depend on devices and apps on a daily basis.

Another risk factor for these platforms is the current level of security maturity. Many risks are not yet fully understood by users. In addition, the lack of standardized security tools and practices, and the lack of developer awareness, make mobile platforms more prone to vulnerabilities than more traditional ones, such as desktop or web applications.

Our mobile application security audits consist of simulating the actions that an expert attacker would take to identify vulnerabilities in each of these critical elements:

  • The infrastructure that supports the application (servers, APIs and databases).

  • Communications between the server and the application.

Likewise, we carry out a complete analysis of the application's logic, through interaction with the device.

Our consultants have extensive experience in application analysis for iOS and Android platforms.

Intrusion tests (pentesting)
Penetration testing consists of identifying and exploiting the vulnerabilities and threats that affect your business, from the perspective of an external or internal attacker.

To check your security level, a controlled action is carried out that simulates an attack targeting your infrastructure. This controlled attack, which is innocuous for your infrastructure, allows you to accurately determine the real risk of exposure of your company.

This exercise seeks to cover one or both of these risks:

  • Anticipating the activity of an internal attacker (for example, a disgruntled employee) who already has access to the network and other internal systems.

  • Evaluating the organization's defenses against the scenario of an external attacker without privileged access or knowledge of the internal infrastructure.

This assurance provides a complete view of the strengths and weaknesses of your business IT infrastructure.

Secure software development (SDLC)
The Secure Development Life Cycle (SDLC) allows you to develop software according to all the necessary security requirements.

Even in the earliest stages of project planning, and also during requirements gathering, it is important to establish a correlation between user requirements and the security risks they may pose. Developing a complete threat map allows security measures to be added throughout the development process.

A project built using a secure development life cycle has greater resilience against vulnerabilities and threats. In addition, costs are reduced, and opportunities for fraud and future maintenance tasks to correct security errors are minimized.

The activities covered by our secure development process are:

  • Threat modeling.

  • Definition of security requirements.

  • Analysis of the software security architecture.

  • Monitoring of project management.

  • Preparation of compliance reports and documentation of good practices.

The end result will reduce the attack surface of your systems and strengthen the integrity, confidentiality and availability of information.

Source code audits
The existence of vulnerabilities in software often originates from the coding phase.

Our consultants have experience in reviews of source code written in popular languages such as Java, Python, C and C++, C#, PHP and JavaScript, among others.

Our analysis consists of an initial scan using static analysis tools designed to identify security issues. We then perform a manual expert review to identify errors in the logic itself that may pose a risk to the application.

The result of this review is a document explaining the identified aspects, their level of impact and resolution tips for the development team. It will also serve to prevent similar errors in the future.

And if at any time you need it, we can take the reins of any project, whether it is in progress or not, to bring it to fruition.

Expert and forensic analysis
Many organizations are not ready when a cyber incident hits them. Most companies lack the resources, procedures, and training to handle the chaos that results from a security breach.

That's why you need prompt professional assistance to protect your business and prepare for potential legal proceedings.

Cybercrimes are very complex events. They require specialists to support the legal team. Our consultants will function as an extension of your team, helping you to have a strong digital evidence base for cases of theft, policy violation, misuse of corporate equipment, hacking, cyberbullying, sabotage, falsification of information and others.

Incident response
The diversity of applications exposed to the Internet has been accompanied by an increase in the number of security incidents.

The impact of a cyber attack can be highly variable. In some cases it can have an operational impact on the business, leading to significant economic losses if not acted upon properly.

Incident response is the rapid reaction that manages the consequences of a breach in the organization's security.

The primary goal of an incident response team is to minimize the impact of a cyber-incident and enable rapid recovery of business operations.

An incident response team is also charged with analyzing the cause of the incident and improving security measures to prevent the risk of new similar incidents in the future.

Training and awareness
Most situations that affect business continuity are due, in one way or another, to employees' lack of cybersecurity preparation.

Not all companies need to invest heavily in complex security infrastructures. Depending on your size, it can be much more beneficial to invest in training and awareness of your employees.

Investing in training and awareness brings immediate benefits to the company that technical solutions cannot.

Contact us

  • Data controller: PERCIBE S.L.

  • Purpose: Contact with the interested party.

  • Legitimation: Consent of the interested party.

  • Data processor: PERCIBE S.L.

  • Rights: Access, rectification and deletion of data, as well as others, as explained in our Privacy Policy.

  • More information: Privacy Policy.