Application Security & Penetration Testing
BSG is a privately-held consulting firm specializing in application security, penetration testing, and professional training. Since our founding in 2014, we have delivered hundreds of successful projects to more than 80 clients in all major verticals. We help our customers build a risk-aware mindset and integrate security principles into all aspects of their business.
Portfolio
Berezha Security has built a solid client base in the following business verticals: Software Development, FinTech, Financial Services, Telecommunications, eCommerce, Banking, Oil & Gas, Sales & Distribution.
Reviews
the project
Security Assessment for Security System Developer
"The team was responsive and no blockers along the way."
the review
The client submitted this review online.
Please describe your company and your position there.
R&D Director at a developer and manufacturer of the most award-winning wireless security system in Europe. We have around 200 employees in engineering and 1000 employees in manufacturing.
For what projects/services did your company hire Berezha Security?
We hired Berezha Security to perform a security audit and a "white hat" hacking of our IoT platform
What were your goals for this project?
We wanted to find either a proof of a good security level of our system or a list of security vulnerabilities to fix
How did you select Berezha Security?
I've received a few personal references from people in the industry
Describe the project in detail.
The scope of security audit was: IoT devices, cloud and mobile and desktop applications
What was the team composition?
Berezha Security formed a team of 3 security specialists to perform an audit. I'm not sure about their specialities, but AFAIK they were network and cloud security specialist, protocol reverse engineering specialist (who was also a team lead) and hardware reverse engineering specialists
Can you share any outcomes from the project that demonstrate progress or success?
All I can say is that we are satisfied with the results.
How effective was the workflow between your team and theirs?
The communication was easy. The team was responsive and no blockers along the way.
What did you find most impressive about this company?
Guys have taught us the way of hacking IoT devices which has given us a lot of ideas on how we can improve our security.
Are there any areas for improvement?
It would be nice to have weekly updates about how the project is going during the project itself. However this feedback could be very specific to our case.
the project
Cybersecurity Services for Tech Gaming Company
"Berezha security always do their best and always demonstrate complex approach to solve any issues and difficulties"
the review
The client submitted this review online.
Please describe your company and your position there.
I'm Head of IT Security at Parimatch Tech. Parimatch Tech is a technological company which is focused on making innovative products for the gaming industry.
For what projects/services did your company hire Berezha Security?
We have our internal security awareness program and need an external stress test for employees to be sure that all of the employees understand and use at least basic IT security rules and don't click risky emails.
What were your goals for this project?
We want to make a "fake" phishing email company to motivate employees to click our link and give their production credentials. For sure, we wanted all employees to successfully pass this exam and not give credentials to "bad guys".
How did you select Berezha Security?
We searched for a mature external team or company with a proven record in pentests and social engineering. The company or team needed to be located in the CIS region or perfectly understand the Ukrainian mentality to make the most effective phishing campaign.
Describe the project in detail.
Our plan for this project was:
- Initial meeting when we discuss our request in details
- Technical meeting when we discuss technical realization and provide some internal information which should help to make phishing more applicable and effective. Also we discuss communication channels for this activity and create work chats in a messenger. Berezha gives us a PoC for a web UI which collects credentials and a PoC for collecting 2FA.
- In addition, we define the list of internal recipients. As a part of our project, before the 2nd meeting Berezha collects a list of 150+ recipients from the internet by themselves using OSINT methodology
- At the third meeting we discuss results and the pentest report. We defined some GAPs for the 3rd party VPN solution and detected our zone for improvements in security awareness activities
What was the team composition?
We have one of the best teams, consisting of an application security lead, application security analysts and a co-founder of Berezha Security, LLC. Each team member played a valuable role in the success of our project, from the PoC of the technical solution for collecting credentials and 2FA to developing the concept of the phishing mail.
Can you share any outcomes from the project that demonstrate progress or success?
- We defined our readiness for phishing campaign
- We re-evaluate threats for our corporate infrastructure
- We make few additional trainings for staff about social engineering
- We create a few new monitoring controls for our customer activity
This project gave us the opportunity to review our standard approaches to social engineering education and to demonstrate/measure the impact on our infrastructure in cases where unaware admins click some malicious links and share credentials
How effective was the workflow between your team and theirs?
In general we have excellent communication during the project. Because this was summer - we faced with vacancies period - so initial estimations of our project increased but we were ready for this changes. It's very useful and comfortable to communicate via messengers - not emails with project team so we discussed each issue and opportunity in a short time
What did you find most impressive about this company?
Berezha security always do their best and always demonstrate complex approach to solve any issues and difficulties at each our joint projects. It's amazing experience to work with such diligent and attentive team of professionals
Are there any areas for improvement?
Berezha Security is one of the best teams focused on pentests and security awareness. For sure, as mature professionals they know very well all areas of improvement for their work. From my side, I should say that it's very difficult to find time in acceptable terms for collaboration, so please hire new staff to make your services more accessible :)
the project
Cybersecurity Training for Banking Firm
"The communication was organized and the highest level possible using modern tools available."
the review
The client submitted this review online.
Please describe your company and your position there.
I am a deputy head of the Information security division in one of the leading commercial banks on the Ukrainian market. I am creating this review on behalf of the CISO of our bank. My company has more than 2500 employees. My main responsibility is to properly organize and oversee an acceptable level of information security and cybersecurity in my organization.
For what projects/services did your company hire Berezha Security?
Our company required efficient training services for our IT staff and IT management staff in the field of cybersecurity.
What were your goals for this project?
The goal was to raise the level of cybersecurity awareness of our IT staff to introduce to our developers and IT management modern trends in the cybersecurity field and present modern approaches in integrating security requirements and features in existing SDLC processes.
How did you select Berezha Security?
The general pitching process was organized by our internal Procurement division according to strict internal rules. After the pitching process, Berezha security had shown the highest competences and experience level in the Ukrainian market.
Describe the project in detail.
Representatives of Berezha security had conducted a series of meetings with our representatives in order to collect desired topics to be introduced during training. After the meetings, they have introduced separate refined training programs according to our demands.
Additional specific lab and use case was developed exclusively for our demands. The training was developed according to the demands of different kinds of our development teams (e.g. Desktop development, Web-platform development, etc.)
What was the team composition?
The team was composed of a leading trainer with two additional lab specialists to introduce the most technical expertise during the session.
Can you share any outcomes from the project that demonstrate progress or success?
All participants highly noted the format and content of the training. What I would especially like to mention is the ability to convey complex things to the participants in simple words. The whole period of training was friendly and in general all participants felt comfortable.
We would also like to mention the stand, demonstrating the vulnerabilities of desktop software applications. This demonstration was very useful for our developers and especially useful during the management session. In general, the training exceeded all of our possible expectations.
How effective was the workflow between your team and theirs?
The workflow was plain and simple. The communication was organized and the highest level possible using modern tools available.
What did you find most impressive about this company?
Their ability to explain complex things in a simple way was amazing. The charismatic trainer and examples from real-life made the discussion good. There was less theory and more practice and live experience during the discussion.
Are there any areas for improvement?
Although there is always a way to make things better, in the scope of our project we can't think of any improvements that could be introduced. Everything was a top-notch level of service and experience for us.
the project
Security Assessment for Financial Services App
"The vendor's testers are experienced and knowledgeable in security testing."
the review
The client submitted this review online.
Please describe your company and your position there.
I am a Chief Security Officer at the card payment processing center. Our company provides their services in the Eastern and the Central Europe.
For what projects/services did your company hire Berezha Security?
Our company updated one of the public applications with new functionality and needed to assess the security of the new code and to test the updated system according to the OWASP Top 10.
What were your goals for this project?
We wanted to ensure that updated application does not have vulnerabilities on the system and application levels.
How did you select this vendor?
I already had a positive experience of cooperation with Berezha Security specialists.
Describe the project in detail.
We had a few meetings to discuss and agree on the scope and objectives of the project and the testing methodologies used. During the kick-off meeting we agreed on the project schedule, the communication used and contacts from both sides.
What was the team composition?
Initially we discussed project details with a vendor manager. During the kick-off meeting a testing team was introduced. The team consisted of a team lead and 2 testers. During testing all communication was with the team lead.
Can you share any outcomes from the project that demonstrate progress or success?
During project 2 high-risk vulnerabilities were identified, repaired and re-tested.
How effective was the workflow between your team and theirs?
The communication was easy and on time. We were informed about identified vulnerabilities before a formal report was ready and had enough time to resolve these vulnerabilities.
What did you find most impressive about this company?
The vendor's testers are experienced and knowledgeable in security testing and secure techniques of software code development.
Are there any areas for improvement?
All was done good.
the project
Security Testing for Content Intelligence Platform
"We are satisfied with their work."
the review
The client submitted this review online.
Please describe your company and your position there.
I am Senior Security Engineer in Conductor company which was named a market leader in Forrester's SEO platform evaluation validating our expertise within the industry.
For what projects/services did your company hire Berezha Security?
Conductor company is ISO 27001 compliant. We follow security best practices, and annual security penetration test made by 3rd party - is one of them. Berezha Security made a web application security assessment, source code review and external network penetration test.
What were your goals for this project?
Our goals during this project were to find weak points or vulnerabilities in our web application, and across the external perimeter.
How did you select this vendor?
Berezha Security is well known team in Ukraine as they drive the conferences dedicated to information security and promote the need for attention to information technology security.
Describe the project in detail.
We had a few meetings before the start of the project discussing the scope and details of how much time was needed, communication channels and what was needed from our side.
What was the team composition?
We created slack channel for all involved participants, there were 6 people from Berezha Security team.
Can you share any outcomes from the project that demonstrate progress or success?
The report was well organized and easy to understand. We got deep understanding of next remediation steps.
How effective was the workflow between your team and theirs?
During the month of Berezha Security work, we got in touch few times to elaborate some details. After project completed - they shared a full report to us and commented and explained all findings attentively to us.
What did you find most impressive about this company?
They made a huge work and found previously unknown bugs. Also, primary contact from Berezha Security quickly found a common language with the Conductor American team, they knew all the necessary processes for conducting a contract and had a prepared paper.
Are there any areas for improvement?
We are satisfied with their work.
the project
App Security Training for Cybersecurity Company
"They really want to improve cybersecurity knowledge in their customers."
the review
The client submitted this review online.
Please describe your company and your position there.
We are Clario, a consumer-focused cybersecurity company on a mission to change an industry. Over 800 professionals including over 600 digital security experts, with the one common goal of digital security for all. We’re bringing change and a next-generation digital security solution. I'm a Security Engineer.
For what projects/services did your company hire Berezha Security?
We want to increase the knowledge of every developer, QA, system administrator, and R&D specialist about application security deep learn.
What were your goals for this project?
Deep learning knowledge about application security.
How did you select this vendor?
We hear that Berezha Security's the most famous company in Ukraine, also they have really good specialists, and makes a lot of public activity.
Describe the project in detail.
We have 5-day training for our developers, QA, R&D specialists, and Security Engineer. The trainer was a really deep knowledge person, also certified specialists with 10 years of practice in Cybersecurity.
What was the team composition?
Application Security trainer
Can you share any outcomes from the project that demonstrate progress or success?
Developers teams are implementing the knowledge that they have taken from this course in our products and services.
How effective was the workflow between your team and theirs?
They have really good communications, also we have communications channels.
What did you find most impressive about this company?
They really want to improve cybersecurity knowledge in their customers.
Are there any areas for improvement?
Everything is fine.
the project
Cybersecurity Penetration Testing for Software Dev Company
“They have vast technical knowledge and are able to find a lot of issues using different resources.”
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m the information security manager at a software development company.
What challenge were you trying to address with Berezha Security?
We needed our annual penetration testing done. We also had some internal challenges, such as educating our employees, that needed attention.
What was the scope of their involvement?
Berezha Security performed a full black-box test. They performed SSID coding, created a fake WiFi network in an attempt to get employee credentials, conducted encryption of laptops, and “hacked” us to test our security. Their team prepared fake websites to catch any phishing and tested our endpoint protection, providing a detailed report of their findings to help us understand any breaches we had.
What is the team composition?
Vlad (VP of Business Development) was the project manager and point of contact. There were a few engineers as well.
How did you come to work with Berezha Security?
Berezha Security is a well-known company in the area. Also, I’ve known Vlad for many years and worked with him on many projects.
What is the status of this engagement?
We worked together from March 2018–March 2020.
What evidence can you share that demonstrates the impact of the engagement?
We like the high-quality level of their work. Their specialists are certified, enabling us to show proof that our penetration testing was done by professionals.
How did Berezha Security perform from a project management standpoint?
They’ve always met deadlines on every project. Their team fully achieved our requirements.
What did you find most impressive about them?
Their unique approach sets them apart from other companies. Berezha Security develops their own scripts and their standard scanners can be blocked. They have vast technical knowledge and are able to find a lot of issues using different resources.
Are there any areas they could improve?
Their system has missed some smaller, less-critical yet important breaches. If they were to scan first, they might find those breaches to report.
the project
Security Assessment for Educational Startup Company
"Our communication was easy and effective."
the review
The client submitted this review online.
Please describe your company and your position there.
My role is the Security Engineer in the online educational startup platform.
For what projects/services did your company hire Berezha Security?
White-box Security Assessment of the mobile application, web services, and IT infrastructure
What were your goals for this project?
Our goal was to make an external security assessment before starting a bug bounty program.
How did you select this vendor?
We select Berezha Security as a vendor of security assessment services after comparing it with similar companies.
Describe the project in detail.
Scope of work was next: Security Assessment of the mobile application and the web service (White-Box Application Security Assessment, Web Application, API web service, and mobile application), Security Assessment of IT infrastructure (Cloud Security Configuration Review).
What was the team composition?
Their team for our project consisted of 6 members.
Can you share any outcomes from the project that demonstrate progress or success?
They did a good job and on output, we got reports with security-related issues missed by us.
How effective was the workflow between your team and theirs?
Our communication was easy and effective.
What did you find most impressive about this company?
The autonomy of their team.
Are there any areas for improvement?
I can't say because it was the first security assessment of our company that's why I don't have enough data to compare.
the project
Security Training for IT Consulting Company
"Berezha Security conducted an excellent training."
the review
The client submitted this review online.
Please describe your company and your position there.
I’m a CISO at a software development and IT consulting company. Our customers are citizens of the European Union.
For what projects/services did your company hire Berezha Security?
We hired them to conduct an application security awareness training
What were your goals for this project?
Our goal was to help our development teams increase their level of application security awareness
How did you select this vendor?
By recommendation
Describe the project in detail.
The goal of this project was to increase application safety awareness in our team. Training developers to work with tools for penetration testing
What was the team composition?
The team consisted of a security professional from Berezha Security’s side and our developer team.
Can you share any outcomes from the project that demonstrate progress or success?
Berezha Security conducted an excellent training. Demonstrated the work of various penetration testing tools. Introduced a team with new frameworks.
How effective was the workflow between your team and theirs?
They had a very effective workflow. Specialist from Berezha Security was very responsive and the best speaker.
What did you find most impressive about this company?
This is a great team made up of excellent security professionals. Very deep understanding of what they are doing.
Are there any areas for improvement?
No, not that I recall.
the project
Cybersecurity for Startup
“They're extremely focused on mitigation and actually provide concrete solutions.”
the review
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I'm the director at a tech startup.
What challenge were you trying to address with Berezha Security?
We needed to improve the security of our platform.
What was the scope of their involvement?
Berezha provided cybersecurity services, including a security assessment of our web app and penetration testing.
What is the team composition?
I worked directly with two people, including Vlad (Co-founder, Berezha Security).
How did you come to work with Berezha Security?
We'd been working with them prior to when I came on board, but I believe it was a reengagement based on the company's previous experience working with them.
What is the status of this engagement?
The most recent project began in May 2019 and, although the penetration test was completed, we have a 60-day grace period remaining on our contract for ongoing support as needed.
What evidence can you share that demonstrates the impact of the engagement?
Berezha was able to find a handful of areas on our platform we needed to fix and has even provided solutions for how to approach them. Overall, their efforts have been very valuable.
How did Berezha Security perform from a project management standpoint?
They're very responsive, accessible, and clear in communications. They thoroughly document their work and go out of their way to answer any questions we have or let us know when anything critical needs to be addressed.
What did you find most impressive about them?
They're extremely focused on mitigation and actually provide concrete solutions. Rather than just pointing out where our platform is broken, they offer valuable feedback around how we can fix it.
Are there any areas they could improve?
No. Although it was my first time working with them, it's been great overall.
Do you have any advice for potential customers?
Don't be afraid to communicate with them in detail; they're always ready and willing to offer feedback.
The client was satisfied with the outcome. The team was able to teach the client ways to hack their IoT devices, giving them a lot of ideas on how to improve their security. Communicating with Berezha Security Group was easy.