API Penetration Testing
We deliver API, Kubernetes and cloud penetration testing engagements globally (AWS, Azure, GCP and AliCloud).
Our second specialization is DDoS simulation and DDoS resilience consulting.
We know well how to assess your API limits and rules, design them and test their efficiency.

Portfolio

Web & API Penetration Test for US Technology Start-Up
Key Findings:
- vulnerable file upload function;
- missing input validation in API;
- missing input validation in Web Form.

Android App Security Assessment for European Bank
Key Findings:
- no MFA;
- weak hashing algorithms;
- customer data leak (debug log, cache).

Kubernetes Security Assessment for US Retail Chain
Key Findings:
- weak authentication;
- secrets were stored in plain text;
- direct deployment from DEV network.

IoT Security Assessment for Technology Giant from South Korea
Key Findings:
- cloud back-end had weak authentication policies;
- a backdoor had been discovered (from a third-party library);
- weak encryption had been applied between the IoT device and cloud back-end.

AWS Security Assessment for US Oil Company
Key Findings:
- CloudTrail was off;
- EBS volumes were not encrypted;
- weak network filtering policy.

OpenShift Security Assessment for Digital Bank in Europe
Key Findings:
- public access to etcd;
- all containers ran under root;
- all users were admins.
Reviews
the project
Security Attack Simulations for Digital Banking Business
"What I found most impressive was the flexibility of their approach to work."
the review
The client submitted this review online.
Please describe your company and your position there.
My company is a provider of digital banking services in the UK. I'm a chief information security officer who is responsible for IT security and PCI DSS compliance matters.
For what projects/services did your company hire CyberLands B.V.?
In order to comply with the PCI DSS, our company must undergo penetration testing every six months. Since we do not have in-house pentesters, we have hired Cyberlands B.V. to do this project.
What were your goals for this project?
Our goal for this project was to ensure that the services that process, store and transmit our customers' payment card data have a high level of security and do not contain any critical vulnerabilities.
How did you select CyberLands B.V.?
I know the staff of Cyberlands B.V. well from working on other projects and appreciate his professionalism; when he offered to work together on a project, I had no doubts.
Describe the project in detail.
We have a scope of services that process payment card data, which includes components: API and backend. The task of Cyberlands B.V. was to test these components and make sure that they have a high level of security and are not exposed to vulnerabilities that could allow our services and customer data to be compromised.
What was the team composition?
I have been in communication with the project manager and the head of penetration testing. Communication with the team was organised via Telegram chat, which allowed all organisational and technical issues to be resolved promptly.
Can you share any outcomes from the project that demonstrate progress or success?
The project demonstrated that our services have a high level of security, which Cyberlands B.V. helped us to verify by thoroughly checking the entire project scope.
How effective was the workflow between your team and theirs?
The work was initially built efficiently; we started and completed the project on time, and there were no issues during the course of the project.
What did you find most impressive about this company?
What I found most impressive was the flexibility of their approach to work, the speed with which all issues were resolved and the state-of-the-art tools used by colleagues at Cyberlands B.V. to conduct penetration testing.
Are there any areas for improvement?
The only thing that could be improved is to designate a time frame for discussing the project and milestones during the day. In a distributed team environment, this would make the work even faster.
the project
AWS Penetration Testing for IT Services Company
"Their scheduling flexibility and depth of expertise are amazing."
the review
The client submitted this review online.
Please describe your company and your position there.
I am a Project Manager at Spsoft – a premium technology accelerator from the Bay Area.
For what projects/services did your company hire Cyberlands.io?
Spsoft hired Cyberlands to perform an AWS Purple Team exercise (AWS Penetration Testing in general).
What were your goals for this project?
Our goal was to train our SOC analysts in AWS security monitoring and response.
How did you select Cyberlands.io?
We selected Cyberlands because of their reputation and local presence in Ukraine, where our involved delivery center is based.
Describe the project in detail.
First, we made a communication channel (Telegram); second, Cyberlands performed services of security check against the targeted AWS infrastructure while our team tried to detect their activity. Finally, Cyberlands provided a detailed report on how the exercise of this offensive service was conducted.
What was the team composition?
3
- Project Manager
- Offensive Expert
- Offensive Junior
Can you share any outcomes from the project that demonstrate progress or success?
The project was completed in full and we’ve got a great opportunity to uncover gaps in our SOC analysts' skills.
How effective was the workflow between your team and theirs?
Super effective, I would say. They applied agile as we needed with a heavy focus on Telegram and Google Meet.
What did you find most impressive about this company?
Their scheduling flexibility and depth of expertise are amazing.
Are there any areas for improvement?
They might push us to less agile project management practices, which would lessen delays from our side.
the project
API Dev for Cloud & Hosting Infrastructure Company
"They have provided a clear and concise executive summary and risk metrics."
the review
The client submitted this review online.
Please describe your company and your position there.
I am a CTO at DV Global B.V. – Dutch cloud & premium hosting infrastructure company.
For what projects/services did your company hire Cyberlands.io?
We needed an API Penetration Testing service to ensure our new offering is secure from external attackers.
What were your goals for this project?
- Ensure our new service is secure from external threats.
- Get a penetration testing report to share with our customers (for marketing purposes).
How did you select Cyberlands.io?
We found them on LinkedIn and selected them over two other vendors.
Describe the project in detail.
Cyberlands provided API Penetration Testing in conformance with an industry-standard requirements set, OWASP API TOP-10 2019.
What was the team composition?
There were two penetration testers, a senior and a junior.
Can you share any outcomes from the project that demonstrate progress or success?
We've got a report with 5 API Security risks explained and mapped to our business specifics, as well as 9 remediation actions to be implemented.
How effective was the workflow between your team and theirs?
The workflow was effective indeed; delays were minimal and their customer focus was obvious.
What did you find most impressive about this company?
They have provided a clear and concise executive summary and risk metrics.
Are there any areas for improvement?
We'd like to use electronic signatures; they were not ready for that from the beginning.
CyberLands B.V. did a fantastic job on the engagement. The excellent project management and communication skills of the vendor allowed the workflow to run smoothly. All in all, the team helped the stakeholders verify and meet their goals.