Cybersecurity
Services
Architecture, applications and core technologies are constantly changing. IT security provides critical protection of the organization’s assets, which also allows the adoption of appropriate measures to comply with standards, audits and legislation.
What we do
As a Cybersecurity company, our mission is to help our customers understand and improve the security status of their applications through affordable and innovative solutions, integrating capabilities and intelligence for their sustainability.
We believe that security is something you build. Our IT security services focus not only on detecting and exploiting vulnerabilities, but also on remediating them.
We support the entire process, from risk identification to the implementation of effective solutions to strengthen the security of your applications.
Offensive security
Offensive security focuses on identifying and proactively exploiting weaknesses by analyzing targets from the attacker’s perspective, before they do. These cybersecurity services make it possible to assess the robustness of the organization’s defenses by mimicking real cyberattack tactics.
Defensive security
Defensive security focuses its efforts on protecting against attacks, safeguarding the integrity, availability and confidentiality of data and systems. These cybersecurity services seek to build and maintain strong and resilient barriers, establish robust access controls, and foster an information security culture that prioritizes prevention and early detection of threats.
Our IT Security company has extensive technical experience in conducting offensive security assessments (Penetration Testing and Vulnerability Assessment) simulating threat agents and also in defensive security with a proactive and preventive approach.
IT Security Services
We help you to know the real state of your organization’s cybersecurity.
Offensive security services
- Penetration Testing
- - Web applications
- - Mobile applications
- - Organization
- Vulnerability Assessment
Defensive security and prevention services
- Infrastructure and process review (GAP analysis)
- Secure software development life cycle (SSDLC) maturity review
- Systems architecture consulting
- Security incident response
- Remediation service
- DevSecOps
- Official security course with GeneXus
Work process
Scope
At this stage, specific needs are explored and the type of service and scope of analysis is agreed upon. This may be previously defined. If not, a security consultant will help find the right scope and develop a proposal.
Proposal
Once the scope of the project is established, we are committed to thoroughly evaluate the requirements and describe a competitive quotation. We allocate the appropriate resources and agree on a start date and duration of the service.
Execution
During execution, our consultants maintain an open channel of communication with your team, keeping them informed at every stage of the process. All high-risk findings are reported promptly to ensure a prompt and timely response.
Report
The final report provides a clear view of the areas requiring priority attention and is accompanied by expert recommendations to strengthen your cybersecurity position.
Web / Mobile Penetration Testing Methodology
This is the usual general outline of the most requested service, which may vary depending on the scope and assets to be analyzed:
The attack surface is identified. This is made up of the IP addresses, open ports, application routes and services included in the proposed scope.
The application is used for what it was designed for. Then, threat modeling is generated to outline specific attacks on the application. The analysis is also based on the OWASP Testing Guide (OWASP Testing Guide) and the applicable requirements listed in the OWASP Application Security Verification Standard (OWASP ASVS).
Execution of the tests designed previously, which are expected to have the greatest impact. The procedure is manual with the support of automation tools. For each vulnerability or potentially faulty configuration detected, it is determined whether it corresponds to a false positive or a latent vulnerability, and whether or not it can be exploited in the particular context of the analysis.
The tests and their evidence are documented. In case of increasing the attack surface in the process, it is repeated from the initial step with the new information.
The final report is generated with the findings (description, evidence and recommendations).
Why choose GeneXus Consulting
Our consultants are constantly training in cybersecurity, taking courses and participating in international events.
International certifications (e.g. Offensive Security Web Expert, OSWE).
More than 10 years of experience in pentesting web, mobile and infrastructure applications.
Internal process of continuous improvement in analysis processes and emerging risks.
Fast and effective response to incidents.
Knowledge of compliance regulations (Uruguay).
High knowledge in the secure software development life cycle (SSDLC) with GeneXus applications.
Tailor-made plans
Learn about our cybersecurity plans.
Essential
Report
1 Analysis
Up to 1 user role
Testing
NA
Evaluation
USD 400
Professional
Report
2 Analysis
Up to 2 user roles
Testing
10 external IPs
Evaluation
USD 1.000
BASED ON ANNUAL CONTRACT
Enterprise
Report
4 Analysis
Up to 3 user roles
Testing
25 external IP
Evaluation