Application Security & Penetration Testing Experts

Berezha is on a mission of providing top quality cybersecurity services while keeping them affordable for the widest range of customers.

We help our clients improve their security posture by applying our expertise in Software Security, Penetration Testing, Bug Bounties, and IT Security Audit.

 
$5,000+
 
$50 - $99 / hr
 
2 - 9
 Founded
2014
Show all +
Kyiv, Ukraine
headquarters
  • Kyiv
    Ukraine

Portfolio

Key clients: 

Berezha Security has built a solid client base in the following business verticals: Software Development, FinTech, Financial Services, Telecommunications, eCommerce, Banking, Oil & Gas, Sales & Distribution.

After years of providing Social Engineering assessments, we have figured out a way to make our clients more resistant to modern cyber threats that exploit human vulnerabilities and immature corporate security culture. This training is based on a wide spectrum of research in both cybersecurity and psychology, as well as our more than 10 years experience in the field. It is recommended to top managers and employees at positions

of trust and authority. By changing the core of the company, we change security culture and transform the so-called "weakest link" into the most effective countermeasure.

8 hours • 2500 EUR

Our penetration testing services vary from a plain simple network intrusion simulation, through a complex infrastructure security assessment, to a full-scope red teaming exercise with physical access testing and social engineering audit. Our penetration testers are trained and certified as OSCP, CISSP, CISA, and CEH, and have more than 10 years of​ experience in offensive security.

Duration varies • 2500-14500 EUR

By using our vast experience in AppSec, modern OWASP methodologies, state of the art bug-hunting techniques, and the best tools some of which we have developed ourselves, we help you find and remediate security vulnerabilities in your software. All clients get a free re-test during the 60 days grace period.

Duration varies • 2500-9500 EUR

We improve software development culture and seed application security awareness in your team by providing the full spectrum of AppSec consulting services: from initial training and implementing OWASP SAMM practices to the modern DevSecOps installations within existing CI pipelines.

Duration varies • 2500-12500 EUR

Reviews

Sort by

Cybersecurity for Startup

“They're extremely focused on mitigation and actually provide concrete solutions.”

Quality: 
4.5
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
Confidential
 
May. 2019 - Ongoing
Project summary: 

Berezha conducted a security assessment of a website application and provided penetration testing. They also continue to provide support under a maintenance period. 

The Reviewer
 
11-50 Employees
 
London, England
Director, Technology Platform
 
Verified
The Review
Feedback summary: 

Berezha provided valuable feedback from the cybersecurity services they provided overall, including possible solutions for broken elements within the platform. They're also very communicative, organized, and proactive in their approach overall. 

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I'm the director at a tech startup.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security?

We needed to improve the security of our platform.

SOLUTION

What was the scope of their involvement?

Berezha provided cybersecurity services, including a security assessment of our web app and penetration testing.

What is the team composition? 

I worked directly with two people, including Vlad (Co-founder, Berezha Security).

How did you come to work with Berezha Security?

We'd been working with them prior to when I came on board, but I believe it was a reengagement based on the company's previous experience working with them. 

What is the status of this engagement?

The most recent project began in May 2019 and, although the penetration test was completed, we have a 60-day grace period remaining on our contract for ongoing support as needed. 

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Berezha was able to find a handful of areas on our platform we needed to fix and has even provided solutions for how to approach them. Overall, their efforts have been very valuable.

How did Berezha Security perform from a project management standpoint?

They're very responsive, accessible, and clear in communications. They thoroughly document their work and go out of their way to answer any questions we have or let us know when anything critical needs to be addressed. 

What did you find most impressive about them?

They're extremely focused on mitigation and actually provide concrete solutions. Rather than just pointing out where our platform is broken, they offer valuable feedback around how we can fix it. 

Are there any areas they could improve?

No. Although it was my first time working with them, it's been great overall. 

Do you have any advice for potential customers?

Don't be afraid to communicate with them in detail; they're always ready and willing to offer feedback. 

5.0
Overall Score They're great communicators.
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 4.5 Quality
    Service & deliverables
    Perfection isn't an option in this type of service.
  • 5.0 NPS
    Willing to refer

Penetration Testing for Software Dev Company

"I can recommend them as a trusted partner for any kind of security services."

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Confidential
 
Apr. 2019
Project summary: 

Berezha Security conducted an independent validation of the company’s network security, which included penetration testing and evaluating the overall security from a hacking perspective.

The Reviewer
 
5,001-10,000 Employees
 
Austin, Texas
Mykhaylo Kropyva
Information Security Director, SoftServe
 
Verified
The Review
Feedback summary: 

In only three weeks, Berezha Security produced a report and re-checked things to ensure there were no security gaps. They offered free advice and communicated efficiently, promptly addressing all questions related to their findings. Overall, they’re an experienced vendor in the cybersecurity field.

The client submitted this review online.

BACKGROUND

Please describe your company and your position there.

I’m the information security director at a software development company with more than 8,000 employees headquartered in the US and Ukraine.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security?

Our company is continually growing, and we had customer demand to run company-wide penetration testing through a third-party vendor, so we hired Berezha Security to perform independent validation of our network security.

What were your goals for this project?

In addition to our ISO27001 certification, we wanted to evaluate our security from an ethical hacking perspective and obtain a penetration test report that we can show to our enterprise clients.

SOLUTION

How did you select this vendor?

We selected Berezha Security from a global list of cybersecurity vendors.

Describe the project in detail.

Once we selected the vendor, we had a few meetings. After signing an agreement, Berezha Security began penetration testing and provided quick responses during the whole project. The report was conducted in three weeks, and we had a chance to fix issues. They also re-checked things for us for free.

What was the team composition?

From our side, we began with a security operations team and IT representatives that we ready to fix things. Berezha Security’s team lead managed our progress and added a few penetration testing specialists to the project.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

They did an excellent job and produced result from the very start. I can recommend them as a trusted partner for any kind of security services.

How effective was the workflow between your team and theirs?

It was easy to communicate with them. We received quick responses to any questions related to their findings.

What did you find most impressive about this company?

I'm impressed by the Berezha Security’s speed, maturity, and readiness to provide additional advice free of charge.

Are there any areas for improvement?

Having a web portal that allows tracking, reporting, closing, and re-checking will improve user experience a bit.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Security Testing for IT Consultants

"The collaboration was easy and effective." 

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
Jan. - Mar. 2019
Project summary: 

Berezha Security performed penetration testing on architecture and applications. After delivering a series of recommendations, they performed a final scan and produced a final report.

The Reviewer
 
201-500 Employees
 
Kiev, Ukraine
IT Director, Software Development and IT Consulting Company
 
Verified
The Review
Feedback summary: 

End-client relationships have been strengthened thanks to the tight security demonstrated during testing. Berezha Security added significant value with their outside-the-box suggestions for improvement. Customers can expect a smooth workflow and professional partner.

The client submitted this review online.

BACKGROUND

Please describe your company and your position there.

I’m an IT Director at a software development and IT consulting company. Our clients are well-known companies in the US and Europe.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security?

We needed to fulfill security requirements in a contract we’d signed with one of our clients. One such requirement was to provide penetration testing of our IT infrastructure and applications.

What were your goals for this project?

We set out to review the security of our new project by assessing external and internal IT infrastructure. This involved identifying existing security flaws and vulnerabilities, attempting to exploit those vulnerabilities, and demonstrating relevant security risks.

SOLUTION

How did you select this vendor?

We chose Berezha Security from among several companies. We also had some recommendations from acquaintances that work with IT Security. Our client also approved of them.

Describe the project in detail.

Berezha Security scanned our infrastructure and applications for three weeks. Throughout that time, they provided us with their current status and progress. Several weeks later, we received a detailed report with their recommendations. After implementing those recommendations, they did a final scan and delivered a final report.

What was the team composition?

Their team consisted of four members. We also were assigned a project manager to support us.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

By performing penetration tests, we significantly improved cooperation with our new client. We also reduced security risks for our whole company. I believe we're better protected now, seeing as many of their ideas were new to us.

How effective was the workflow between your team and theirs?

The collaboration was easy and effective.

What did you find most impressive about this company?

Their professional skills are really great.

Are there any areas for improvement?

Everything was fine.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Penetration Test for Development Firm

"...Berezha Security is distinguished by its quality approach to task fulfillment and perseverance." 

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
$10,000 to $49,999
 
Oct. - Dec. 2018
Project summary: 

Berezha Security performed a penetration test to ensure compliance with industry standards. Afterward, they produced a report containing both existing weakness and appropriate remedies.

The Reviewer
 
501-1,000 Employees
 
Kyiv, Ukraine
Cybersecurity Manager, Software Development Firm
 
Verified
The Review
Feedback summary: 

Security is much improved thanks to Berezha Security’s efforts. Their frequent communication via multiple channels empowered them to work independently while adhering to mutually agreed-upon project requirements. They deliver what they promise and strive for the highest level of quality.

The client submitted this review online.

BACKGROUND

Please describe your company and your position there.

I’m the cybersecurity manager at a software development firm.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security?

We needed an independent party to perform our annual penetration test to comply with a specific information security standard (ISO 27001).

What were your goals for this project?

We had to assess our current protection level and identify potential network and application infrastructure weaknesses. We also needed to measure our staff’s awareness of information security topics.

SOLUTION

How did you select this vendor?

We chose from between three vendors. Berezha Security’s offered approach was the best match for our price and scope.

Describe the project in detail.

Initially, we laid out our scope, previous approaches, and preferred communication plan for the vendor. They worked through our agreed stages independently with minimal involvement from our employees. We received a detailed report of our weak points and Berezha Security’s recommended fixes.

What was the team composition?

We worked with a project manager and a couple of security analysts.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Their protection measures are effective.

How effective was the workflow between your team and theirs?

We were in constant communication via phone and instant messaging.

What did you find most impressive about this company?

I’ve worked with several vendors, but Berezha Security is distinguished by its quality approach to task fulfillment and perseverance.

Are there any areas for improvement?

No. We’re satisfied with the results.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Penetration Testing for B2B SaaS Startup

“…they cared about our long-term security and wanted to establish a lasting vendor relationship with us.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
Oct. - Nov. 2018
Project summary: 

Berezha Security performed a penetration test to assess known security issues and identify new risks. Afterward, they provided a written report detailing their findings and offered technical solutions.

The Reviewer
 
11-50 Employees
 
San Francisco, California
Roger Graves
Co-founder & CTO, Cloverpop, Inc.
 
Verified
The Review
Feedback summary: 

The team took a meticulous approach, which helped inspire confidence in the relationship. By the first day of tests, Berezha Security found and resolved a mid-level security risk that was previously unknown. They also suggested ways to address minor issues without negatively affecting end customers.

The client submitted this review online.

BACKGROUND

Please describe your company and your position there.

I’m a co-founder and CTO of Cloverpop, Inc., a B2B SaaS startup headquartered in San Francisco. Our company has about 30 employees, and we serve enterprise companies. I oversee our software development operations.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security?

We approached Berezha Security to conduct this year’s annual penetration test of our online applications to improve our security and comply with our security operations center (SOC) obligations.

What were your goals for this project?

We were already aware of a minor outstanding security issue but wanted to identify new ones that we weren’t yet aware of.

SOLUTION

How did you select this vendor?

We identified five potential vendors, including Berezha Security. One of our security engineers spoke with each vendor, and we asked for a written proposal. Ultimately, we selected Berezha Security based on a combination of industry reputation, professionalism, responses to our questions, processes described in the proposal, and the reasonable price range.

Describe the project in detail.

We outlined a timeframe for the penetration test and established a secure communication process to be followed if any significant breaches were detected by Berezha personnel. At the end of the test, they delivered a detailed written report of their findings, and the team provided advice/support on how to best deal with each vulnerability found.

What was the team composition?

We primarily communicated with a project manager, but there was also a lead security engineer who answered our technical questions about specific issues.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

They discovered a medium-level security risk that we were unaware of and fixed it by the first day of the project. They also gave excellent advice on how to deal with the minor risks that we knew about but were unsure how to address without negatively impacting our customers. At the end of testing, they delivered an excellent written report that we could share with enterprise customers and SOC auditors.

How effective was the workflow between your team and theirs?

I was pleased with their responsiveness. I corresponded with their project manager who replied instantly to my inquiries, even during weekends and off-hours.

What did you find most impressive about this company?

I was impressed with their work processes, which they’d described during the bidding phase and followed diligently during the test. It was also clear that they cared about our long-term security and wanted to establish a lasting vendor relationship with us rather than just a single project.

Are there any areas for improvement?

No, nothing that I can think of.

5.0
Overall Score Overall, it was just a very positive experience.
  • 5.0 Scheduling
    ON TIME / DEADLINES
    They moved their schedule around a couple of times to accommodate our needs.
  • 4.5 Cost
    Value / within estimates
    Their proposal wasn't the lowest bid, but it seemed like an above-average value.
  • 5.0 Quality
    Service & deliverables
    As far as we could tell, they completed every aspect of the project exceptionally well.
  • 5.0 NPS
    Willing to refer
    They were a pleasure to work with, and we felt like we got excellent results.

Penetration Testing for Financial IT Services Company

"I believe that their tests are of high quality."

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
Sep. - Oct. 2018
Project summary: 

Berezha Security conducted penetration testing for an Android and iOS mobile app. They delivered a report with all the vulnerabilities they found as well as suggestions on how to fix them.

The Reviewer
 
201-500 Employees
 
Frankfurt, Germany
Mikhail Gumanovskiy
CTO, Quipu GmbH
 
Verified
The Review
Feedback summary: 

Their involvement was essential to fixing design flaws that could’ve led to cyberattack and other issues. Berezha Security’s highly technical feedback not only improved the platform but also shed some light on things to take into account for future development work.

The client submitted this review online.

BACKGROUND

Please describe your company and your position there.

I'm CTO of Quipu GmbH, an IT service provider for Procredit Group. I'm responsible for software development, implementation, and support.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Berezha Security?

We hired Berezha security to conduct a security analysis of the new version of a mobile application.

SOLUTION

How did you select this vendor?

Our IT security department chose them based on recommendations of their colleagues. We had collaborated with Berezha Security before on other projects.

Describe the project in detail.

Berezha Security performed penetration testing of a mobile app built on both Android and iOS platforms. We introduced them to our solution’s architecture and business logic, after which they conducted the necessary tests and then provided a report on the encountered vulnerabilities as well as recommendations on how to fix them. After we followed their suggestions, they confirmed that the issues could be considered closed.

What was the team composition?

We had a project manager involved from our side that communicated with Berezha Security’s COO. There were several other specialists involved in the process, though.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

We’re satisfied with the results of the project. Berezha Security helped find mistakes in the design that could’ve led to possible hacker attacks. Their recommendations were deeply technical as well, which helped us organize our work and architectural design in a better way.

How effective was the workflow between your team and theirs?

All communication was done in a friendly manner.

What did you find most impressive about this company?

Our collaboration with Berezha Security was really valuable because it allowed us to not only cover the needs of this particular project but also learn new and important things to take into account for future developments.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
    The schedule was discussed upfront and results were provided on time.
  • 5.0 Cost
    Value / within estimates
    The price for the services they provided was very competitive.
  • 5.0 Quality
    Service & deliverables
    I believe that their tests are of high quality.
  • 5.0 NPS
    Willing to refer

Penetration Testing for Web Platform

“They were high-level professionals with enough knowledge to advise us on our security measures.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
May - June 2017
Project summary: 

Berezha Security performed numerous security assessments and penetration tests to identify weak points in a platform. They then delivered reports and documents with the results.

The Reviewer
 
51-200 Employees
 
Netherlands
Software Architecture, Staffing Platform
 
Verified
The Review
Feedback summary: 

Berezha Security highlighted blind spots in the platform’s defense, allowing the internal team to make adjustments. A complimentary test afterward ensured that all security issues were addressed. The team communicated consistently and boasted quick response times.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

Our company provides a platform for temporary staffing agencies. I serve as the software architect.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security?

We were looking for a company that could oversee our security and do penetration testing.

SOLUTION

What was the scope of their involvement?

They performed various security reviews and penetration tests for our platform’s infrastructure. Afterward, they provided reports detailing which components they checked and any salient results. We used their findings to improve our platform. The team also offered a free retest in the months following to see if we actually fixed the issue.

What is the team composition?

I’m not sure how many people were involved in the testing, but we had a single point of contact.

How did you come to work with Berezha Security?

One of our colleagues had worked with them before and referred us to them.

How much have you invested with them?

We spent less than $5,000.

What is the status of this engagement?

Their work lasted from May–June 2017.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

The penetration tests have helped us ensure that we have a well-protected software. We're now more confident in our product’s security.

How did Berezha Security perform from a project management standpoint?

They performed well. There were no delays in response time, and communication was good. We had a group chat with quite a few people. If we asked for extra reports or documentation, they always provided them.

What did you find most impressive about them?

They were high-level professionals with enough knowledge to advise us on our security measures. They provided us with good information to improve our platform.

Are there any areas they could improve?

No, nothing comes to mind. Working with them was good.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Penetration Testing for FinTech Software Firm

"The steps were quite clear and we knew what to expect."

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.0
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
June 2017 - June 2018
Project summary: 

Berezha Security handled penetration testing for two projects, the main one being for a mobile app and its API. They also tested a web app and provided detailed reported on areas of improvement.

The Reviewer
 
51-200 Employees
 
San Francisco Bay Area
Olga Bandura
Head of Inside Sales, Softjourn
 
Verified
The Review
Feedback summary: 

They filled a gap in in-house talent, allowing the delivery of a fully-tested product without having to invest in hiring new resources. Berezha Security’s attentive team understood project needs quickly and were easy to work with, making the collaboration seamless and rewarding.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the head of inside sales at Softjourn, a software development company. We’re a service provider that mainly works with cards, payments, and fintech services.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security?

We needed a company to conduct penetration testing for one of our client projects. We didn’t have the expertise in-house for the task.

SOLUTION

What was the scope of their involvement?

They performed penetration testing, which involved the analysis of the code of the mobile access control app for one of our ticketing clients. They looked at both the mobile app and the API side of it. After that, they sent a very detailed report on the breaches and areas that needed improvement in order to make the app more secure and protected.

The app is based on Submarine and the API is .NET. Berezha Security also worked with our venue mapping tool that helps create maps of venues. They did the same testing, with the only difference being that it’s a web-based application.

What is the team composition?

We mainly talked with the co-founder, who acted as the account manager and project manager as well. We also collaborated directly with the person in charge of testing.

How did you come to work with Berezha Security?

We were referred to them by one of our clients and employees that met them at one of the conferences they spoke at. We chose them because of their expertise; they had all of the certifications needed in order to perform the penetration testing. Their price was also better than the other companies we approached.

How much have you invested with them?

We spent less than $10,000.

What is the status of this engagement?

We started working together in June 2017 until June 2018.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

For the first project, they helped provide something we didn’t have in-house expertise for. That added value to the services we provide our clients without having to invest in getting people to learn how to do the testing and get all the certifications required.

Per their recommendations, we’ve made the improvements and changes in the code for the system. After that, they retested everything to make sure all the gaps were fixed.

How did Berezha Security perform from a project management standpoint?

I’m very happy with their availability and responsiveness. We used Skype most of the time.

What did you find most impressive about them?

They were easy to work with, responsive, and effortlessly understood our needs. They sent us the overview of the proposed solution and how to perform the penetration testing quickly. We didn’t have to spend much time managing them, and they sent the analysis and results on time.

Do you have any advice for potential customers?

The process with them is straightforward. The steps were quite clear and we knew what to expect.

5.0
Overall Score They were good.
  • 5.0 Scheduling
    ON TIME / DEADLINES
    They met deadlines.
  • 4.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Security Audit for Web Platform

"They know what they’re doing."

Quality: 
5.0
Schedule: 
4.5
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
Apr. - May 2018
Project summary: 

Berezha Security performed a full audit and penetration test of Android and iOS apps, a web app, and multiple APIs. They provided a summary report and ran follow-up tests several months later. 

The Reviewer
 
11-50 Employees
 
Amsterdam, Netherlands
Léa Moreau
Product Owner, SRXP
 
Verified
The Review
Feedback summary: 

The thorough, detailed audit helped eliminate system flaws and increase customer confidence. Berezha Security stayed in constant contact so that issues could be addressed in real time. Their professionalism, clear reporting, and extensive knowledge of the industry made the partnership strong. 

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

SRXP specializes in digitizing expense receipts for corporate entities. Users take pictures of their receipts on a mobile phone, and we process them and send them back to their financial administration. I'm the product owner of the technical team.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security?

We needed a cybersecurity and security audit. Since we're growing, we wanted to ensure that we had the correct security and eliminate any major flaws in our infrastructure. After adding a credit card integration, we called Berezha Security. 

SOLUTION

What was the scope of their involvement?

We initially talked about our needs and explained our work and infrastructure. This was our first time running a penetration test. For the initial run, they suggested tests that made sense for our application. We followed their advice, and they started testing two weeks later.

They tested in our acceptance environments, telling us in advance when they blasted a high number of requests. We had to freeze our environments, since releasing new things during testing can change everything.

They updated us as soon as they checked anything. Two weeks after testing, they provided a report that explained everything we had to correct. That was nice, since we had a few bugs. They didn’t find a lot of faults, but we corrected the ones they found right away. 

Two months after the first test, Berezha Security performed the same ones. They checked the old bugs and wrote a clearer report for our clients. We're hoping to assess our security with Berezha again next year by performing black box testing on our server and database.

What is the team composition?

I had two main contacts, so I could always reach out to someone. At the end of the project, we met with the four others who tested our site's security. We met remotely with everyone who worked on our issues.

How did you come to work with Berezha Security?

We were referred to them by another partner, who said that they were professional. They recommended them specifically because they offered extra security services. They don't just perform checks for companies, but are also active in the outside world.

How much have you invested with them?

We tested Android and iOS apps, the API, and the web application for a bit less than €5,000 (approximately $5,900).

What is the status of this engagement?

We worked with Berezha between April and May 2018.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They messaged us as soon as they found something, and we fixed all the issues in real time. This gave us more time to make the fixes. It was important that we paid attention to security. This was our first step toward guaranteeing security for our clients and giving them more trust in our platform. 

How did Berezha Security perform from a project management standpoint?

We used WhatsApp, Hangouts, and email. It was easy for us to reach each other if something happened.

What did you find most impressive about them?

Berezha’s approach was great. I'd had issues communicating with the parties testing our infrastructure, which led to a lot of bugs on our platform. Berezha let us know before they did something. I appreciated being informed about what was happening.

Do you have any advice for future clients of theirs?

They know what they’re doing. Explain your infrastructure and what they should achieve. Instead of covering everything, they will advise you on pricing and determine exactly what needs to be tested. They won't just test a lot of things for a bigger bill.

5.0
Overall Score
  • 4.5 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
    They have competitive pricing.
  • 5.0 Quality
    Service & deliverables
    They did a great job.
  • 5.0 NPS
    Willing to refer

Penetration Testing for Telecom Firm

“I appreciated their professionalism, flexibility, and commitment to timelines.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
$10,000 to $49,999
 
Apr. - May 2018
Project summary: 

Berezha Security performed an in-depth security audit for an application, offering key recommendations on how to proceed with development. They also provided training on how to use code analyzers.

The Reviewer
 
11-50 Employees
 
Israel
R&D, Wireless Firm
 
Verified
The Review
Feedback summary: 

Berezha Security was able to identify numerous unforeseen security issues with the application. The team was meticulous and self-reliant, completing additional tasks without needless back and forth. Their success sets them up for future engagement. 

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the VP of R&D for WiSpear. Our company provides Wi-Fi intelligence and surveillance services, including a variety of network security products.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Berezha Security?

We needed resources to conduct penetration testing on our products.

SOLUTION

What was the scope of their involvement?

They conducted black-box penetration testing and suggested security measures for various parts of our application. They also taught us how to use code analyzers in our technologies. I had a lot of questions along the way and added plenty of additional requirements. Despite that, they remained flexible and accommodated my needs.

What is the team composition?

I mostly worked with one of their co-founders. He was professional and worked independently.

How did you come to work with Berezha Security?

We considered several companies around the world but focused on Kyiv-based testers. Multiple people recommended Berexha Security to us, so we reached out to them. They responded promptly to my questions, and I was impressed with their professionalism and reasonable rates.

How much have you invested in them?

We spent around $10,000.

What is the status of this engagement?

Their work lasted from April–May 2018.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They found several major security problems with our product, which allowed us to create an improvement plan. The plan identified best practices for developing our application while keeping future features in mind.

How did Berezha Security perform from a project management standpoint?

I was pleased with their quality of work and plan to continue collaborating with them on otherThey had a reasonable rate for such high-quality work. projects.

What did you find most impressive about them?

I appreciated their professionalism, flexibility, and commitment to timelines. Furthermore, they found several security issues that I hadn’t even thought about. It was easy to work with them because they were so independent. We didn’t have any conflicts or unnecessary discussions.

5.0
Overall Score It was pleasant to work with them.
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
    They had a reasonable rate for such high-quality work.
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer