Logo

Holistic Security Assessments

 

 

Penetration Testing

Our expert team adopts an intruder’s perspective for penetration testing, developing new insights from observed results.

 

When requested to verify the correct implementation of security controls, we can perform pentesting tests on the perimeter and internal IT infrastructure, identifying possible attack vectors that could be exploited by cybercriminals. Generating specific recommendations to ensure the security of the organization’s technological assets.

The Dreamlab Centre of Excellence (CoE) underlines the company’s commitment to the development of international cybersecurity. The CoE programmes and initiatives focus primarily on applied research, aimed at tackling the real-world challenges faced in today’s Digital World. This includes improvements in the field of cybersecurity, adaptation and development of pioneering new technologies, and the establishment of first-class analysis in the fields of technical audit and cyberdefence solutions. Through the CoE, we improve the transfer and exchange of knowledge from our main lines of research for the benefit of global society and trade.

  • Dreamlab applies a systematic, concise and in-depth approach based on Open Standard Technologies (OSSTMM), to produce consistent, quantifiable and reproducible results.

  • We analyse all aspects of your IT and cyber infrastructure with a 360° methodology. This covers information, processes, networks, communication channels, plus both physical and human resources.

OSSTMM

Digital Payment (POS, ATM, APP)

More and more organizations are providing digital payment methods to facilitate the experience of their customers and it is crucial to verify the security status of each payment method and enable the secure digital growth of every business. To meet this need, we perform analyses to identify new ways of carrying out economic fraud and disruption of services, seeking to prevent future problems and secure each device, platform and application.

Critical Infrastructure, SCADA, ICS, IoT

We contribute to the improvement of cybersecurity for the critical industrial infrastructure of public and private companies; identifying gaps and shortcomings that may affect operational continuity, in addition to the availability, integrity and security of data and mass information.

Network and Infrastructure Audit

In order to improve security levels, we offer specific network infrastructure tests in which the security of individual network elements will be evaluated: Firewalls, IPS, EDR, protocols, encryption systems and policies will be examined.

Web Application Testing

Operational applications are constantly exposed to various threats, which represent a security risk for the host. An audit will check the safety of all organization applications along with those provided by third parties.

 


Mobile App Audit

By following a rigorous testing process, cybersecurity experts will review and examine mobile apps to test their quality and security.

     

  • Application of specialized ethical hacking tools
  • Use of mobile device emulators for testing
  • Analysis of the installation package (.apk) and required services
  • Review methodology based upon the OWASP Mobile Security Project Framework
  • Cross-platform review of both Android and iOS systems
  •  

 


Source Code Audit

Our security experts will adopt a highly structured approach to examine organization applications, focusing on their quality, security and accuracy.

     

  • Verification of security controls
  • Static analysis approach
  • Use of automated Static Application Security Testing (SAST) tools
  •  

 


Red Team Services

Using Red Team processes and methodologies, we can test the organization’s capacity to detect, identify, respond to, protect against and recover from a cyberattack.

 

We will provide information about the persons, processes and technologies maintaining cybersecurity in the organization, identifying improvement points and generating a roadmap.

Our methodology includes pentest, phishing and social engineering, adapting the approach to the unique requirements of the customer's service structure and business logic.