cyber security services

We are a team of cybersecurity professionals from Ukraine. Our consulting services include the assessment and implementation of information security, as well as training and workshops. 

We cover all stages of the system life cycle – from planning and engineering to security management and incident investigations. Our experience includes both security governance and deep technical skills, including software reverse engineering, 0-day vulnerability research, manual security review of source code, Red Team exercises, etc. 

The highest qualification, flexibility and reliability are our main distinctions:

- Experience in information security. We have worked in cyber security since 2001, in different sectors. Late in 2015, we initiated the H-X project. 

- International security certifications. We earned and keep up-to-date international security certifications (CISSP, CISA, CEH, OSCP, CLPTP, etc.). 

- Absolute legitimacy and confidentiality. The employees of H-X technologies strictly adhere to laws, regulations, corporate Code of Ethics and Penetration Testing Code of Ethics. We are ethical, white-hat hackers. Our specialists sign your commitment forms personally, just like your employees. 

- The highest customization and flexibility. Our approach allows the customer to understand more accurately what they pay for. This is our know-how and our main distinction from competitors.

- The highest quality. H-X uses modern comprehensive methodologies and tools. In every project, we develop suggestions for continuous improvement and track changes in the security of our customers over the years.

 

 
$1,000+
$25 - $49 / hr
10 - 49
Founded: 2015
Headquarters: Kyiv, Ukraine

Portfolio

Key clients: 

IT companies (both product and outsourcing ones), as well as construction, automotive, e-commerce, industrial, medical, pharmaceutical, telecommunication, retail, insurance companies, banks and governmental organizations, etc. Any company that values its information, online services, compliance, privacy and business continuity is our potential client. We negotiate with the company owners, directors, CEO, CIO, CSO, CISO, CTO, CAE, CFO, IT and security specialists, or similar roles.

Security incident response. Forensic investigations

It is always wiser and cheaper to prevent than to ‘cure’ or to ‘make an autopsy’, but if you are under attack now or require a cyber security incident investigation, you can get help here.

Our experts help mitigate and cease cyber attacks and other computer incidents, restore data and normal operations. Specialists of H-X Technologies take into account your business goals to choose the right incident response strategy and give corresponding priorities to your data integrity or confidentiality, your business continuity, identification of the attackers or their prosecution.

We provide detailed forensic examination and analysis of computers, hard drives, mobile devices and digital media. We know how to investigate difficult cases and employ cutting-edge techniques such as analysis of Random-Access Memory (RAM), registry, shadow volumes, timeline analysis and other methods.

Over the last few years, we have witnessed an increase in computer crime. Criminals are becoming more aware of digital forensic and investigation capabilities and therefore use more sophisticated methods to commit their crimes without leaving the usual evidence. Computer forensics and digital investigation methods are constantly evolving to identify, respond to, examine, analyze and report on computer security incidents.

Our skills include, but are not limited to:

  • Acquiring Data and Evidence
  • Live Incident Response and Volatile Evidence Collection
  • Advanced Forensic Evidence Acquisition and Imaging
  • File System Timeline Analysis
  • Advanced File & Registry Analysis including Unallocated Metadata and File Content Types
  • Discovering Malware on a Host
  • Recovering Files
  • Application Footprinting and Software Forensics
  • Data Preservation
  • System Media and Artifact Analysis
  • Database Forensics
  • Mobile Forensics

Managed Security and Compliance: ISO 27001, etc.

Audit, implementation and support of ISO 27001, PCI DSS, VDA, TISAX, ISO 16949, ASPICE, HIPAA, GDPR and other standards and regulations. Official certification

The international standard ISO/IEC 27001:2013 “Information technology – Security techniques – Information security management systems – Requirements” is the most recognized worldwide framework for building modern Information Security Management Systems (ISMS) and their official certification.

Our certifications (CISSP, ISO 27001 Lead Auditor, CISA, OSCP, CEH, etc.) allow us to cover both formal and practical aspects of security compliance and security management.

When building an ISMS or security controls, we rely not only on ISO 27001/27002 or PCI DSS, but also actively use other standards and frameworks, when this is appropriate or explicitly required by our customers or their partners. For example, ISF SoGP (Information Security Forum Standard of Good Practice for Information Security), COBIT (Control Objectives for Information & Associated Technologies), VDA ISA (Verband der Automobilindustrie - Association of the Automotive Industry - Information Security Assessment), TISAX (Trusted Information Security Assessment Exchange), ISO/TS 16949, ASPICE (Automotive Software Performance Improvement and Capability dEtermination), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Privacy Regulation), and so on.

Our approach to implementation begins with simple steps in order to give you the first value for free, to introduce you to the process and to allow you to understand clearly the essence of the implementation works and your role in them.

Audit of Smart Contracts

We review and verify project specifications and the source code of smart contracts to assess their overall security, with a focus on weaknesses and potential vulnerabilities. We complement our findings with solutions that mitigate the risk of future attacks or loopholes.

PROBLEMS OF SMART CONTRACTS

  • Inconsistency between specification and implementation
  • Flawed design, logic, or access control
  • Arithmetic overflow operations (integer overflow and underflow)
  • Reentrancy attacks, code injection attacks, and Denial of Service attacks
  • Exceeded limits on bytecode and gas usage
  • Miner attacks on timestamp and ordering, transaction-ordering dependence (TOD)
  • Race conditions, other known attacks and access control violations

METHODS AND TOOLS

    Our audits of smart contracts comply with the following requirements:

    1. The goal of the smart-contract audit is a meticulous code analysis to find security flaws and vulnerabilities.
    2. The security audit is performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and to model their exploitation.
    3. The smart contract audit includes the following stages:
    4. The tests are conducted by a team of specialists with more than 17 years of experience in different IT security domains; CISSP, OSCP, CISA and CEH certification holders.
    5. In general, the code review follows the best practices: Solidity Style Guide and Ethereum Smart Contract Security Best Practices.

    The tools we use: Slither, securify, Mythril, Sūrya, Solgraph, Truffle, Geth, Ganache, Mist, Metamask, solhint, mythx, etc.

     

    VDA ISA and TISAX implementation

    International information security standard VDA ISA was developed by the German Association of the Automotive Industry VDA (Verband der Automobilindustrie) based on ISO/IEC 27001 and 27002 standards.

    Our certifications (CISSP, ISO 27001 Lead Auditor, CISA, OSCP, CEH, etc.) allow us to cover both formal and practical aspects of security compliance and security management.

    The standard VDA ISA (Information Security Assessment) contains strictly structured information security assessment criteria, KPIs and additional optional modules:
    • Connection to 3rd parties
    • Data protection
    • Prototype protection

    TISAX (Trusted Information Security Assessment Exchange) is a framework for VDA ISA which allows independent vendors to share their certification and assessment results with their customers (usually from the automotive industry).

    When building an Information Security Management System (ISMS) and security controls, we rely not only on ISO 27001/27002, VDA ISA and TISAX requirements, but also actively use other standards and frameworks, when this is appropriate or explicitly required by our customers or their partners. For example, ISO/TS 16949, ASPICE (Automotive Software Performance Improvement and Capability dEtermination), GDPR (General Data Privacy Regulation), and so on.

    Our approach to implementation begins with simple steps so that you receive the first results for free. That would also introduce you to the process and help you understand how the implementation works and your role in it.

    Security audit and Penetration testing

    Penetration testing (pentest, pen-test) is a security assessment of IT systems, personnel or the whole organization, using ethical hacking methods ("white hat"). Security experts simulate the behavior of computer criminals to assess whether unauthorized access, leakage of confidential information, interruption of service, physical intrusion, or other security incidents are possible. Pentest is not only an automated vulnerability scan, but mostly manual work. Depending on your preferences, the pentest may include interaction with your staff (social engineering).

    We have wide, deep and unique experience and competence in IT and corporate security: both in GRC (Governance, Risk management and Compliance) and in technical security, and both in Defensive Security and Offensive Security.

    We are highly qualified, flexible and reliable:

    • Experience in information security
    • International security certificates
    • Absolute legitimacy and confidentiality
    • Highest customization and flexibility
    • Highest quality

    Our pentests are at the highest level: reverse engineering, 0-day vulnerability research, Red Team, etc.

    • We participate in and win CTF and bug bounty.
    • We effectively do security analysis of source code and find vulnerabilities and problems that even commercial static security scanners cannot find.
    • We have rare competencies, such as the auditing of smart contracts.
    • We teach software architects, developers and testers how to program securely.
    • We have decades of experience in large international corporations.

    Security of industrial information technology (IT) and operational technology (OT)

    Security of industrial information technology (IT) and operational technology (OT): Industrial Control System (ICS) and Supervisory Control And Data Acquisition (SCADA)

    We provide Industrial IT/OT Security audit, implementation and training services together with our partners AT Engineering (ATE). This is a team of software, electrical and industrial process engineers who specialize in the field of industrial automation.

    ATE's staff have worked in industrial automation and software since 1995 and have completed more than 120 projects. Since 2005, they have completed more than 80 projects with an average capacity of 500 man-hours each.

    Our international certifications in industrial IT/OT security are ISA CFS and CRS. Our international certifications in general information security are ISC2 CISSP and SSCP, ISACA CISA, Offensive Security OSCP, EC-Council CEH, ISO 27001 Audit/Implementation and others.

    To show the level of our competence and erudition, the methods and tools that we use in everyday work are listed below.

    For audits, consultations and implementations in the field of security of technological processes, operations, equipment and software of industrial IT/OT, we use the following standards, frameworks and methodologies:

    • ISO/IEC 27001, VDA/TISAX
    • ISA99, ISA/IEC 62443
    • North American Electric Reliability Corporation (NERC) Reliability and Security Guidelines
    • NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security, NIST Framework for Improving Critical Infrastructure Cybersecurity
    • DHS guidelines for critical infrastructure protection and the Critical Infrastructure Protection framework

    In the field of assessment and implementation of OT security, we work at the level of specific vendors. For example, we work with Siemens PLCs using Step7 and TIA Portal, with Schneider Electric equipment using Concept, UnityPro and SoMachine, with Mitsubishi using GX Works, with Omron using CXOne, with Carel using 1tool and with Wago using CoDeSys.

    In urgent cases, when it comes to preventing great material damage from a security incident, we are able to reverse engineer not only industrial software code, but also proprietary industrial protocols.

    We assess the security of SCADA computers and switches using common automatic and semi-automatic tools (vulnerability databases and scanners, exploits, IDS, IPS, EDR, SIEM, SOAR, etc.) with special configurations, and we also do manual analysis of SCADA scripts and other source code in white box mode.

    Security analysis of source code

    Get an outstanding level of security with our automated and manual analysis of source code of your applications, smart contracts, services and software components!

    You never get this level of assurance with penetration testing, solely automated code review or any other security activities. This service can be delivered as a separate project, in combination with white-box penetration testing or as a part of Application Security or Security Assessment services.

    Check out our business cases of security analysis of source code.

    The objective of this analysis is a security assessment of the source code of your systems or applications: checking the integrity and consistency of your code and its adherence to secure coding principles, and finding unsafe or deprecated functions, hidden logic bombs and traps, backdoors, undocumented features, non-optimal coding practices and OWASP Top 10 vulnerabilities.

    We support the following languages:

    • .Net/ASP.Net
    • Java EE (JBoss, Tomcat, etc.)
    • Java Android
    • Objective-C/Swift iOS/MacOS
    • PHP
    • JavaScript
    • Python
    • C/C++/Assembler
    • Solidity
    • Golang
    • Lua
    • your language or platform.

    To achieve the objectives, the auditors use two methods:

    • SAST (Static Application Security Testing), which allows analyzing source code for known vulnerabilities using automated tools.
    • Manual source code review and analysis, in order to reveal unsafe and non-optimal coding practices, hidden logic bombs and traps, backdoors and undocumented features.

     

    Reviews

    Gray Box Testing for Cybersecurity Assessment Software Firm

    "They step into negotiations easily and are confident with their knowledge." 

    Quality: 5.0
    Schedule: 5.0
    Cost: 5.0
    Willing to refer: 5.0
    The Project
     
    Confidential
     
    Aug. 2019 - Ongoing
    Project summary: 

    H-X Technologies provides ongoing testing for web apps, platforms, APIs, and other internal components. They also handle reporting and after-fix retesting to ensure all problems have been resolved.

    The Reviewer
     
    201-500 Employees
     
    Israel
    Product Owner, Cybersecurity Assessment Software Firm
     
    Verified
    The Review
    Feedback summary: 

    Featuring a robust project management plan, H-X Technologies provides attentive testing services that have earned the client’s trust. Their professionalism stands out from that of their competitors, as does their industry experience. Customers can expect highly-educated and trained resources.  

    A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

    BACKGROUND

    Introduce your business and what you do there.

    I’m a core product owner at a cybersecurity assessment software firm. We’ve been in the market for about 18 years. I’m responsible for all the analytics, networking, architectural solutions, and product security.

    OPPORTUNITY / CHALLENGE

    What challenge were you trying to address with H-X Technologies?

    We had an internal and external obligation to perform the security assessment on our software and publish the publicly available report to the outside. The vendor we used to work with for penetration testing didn’t match our criteria and we weren’t too happy with the results. I started to look for a replacement.

    SOLUTION

    What was the scope of their involvement?

    We outlined the scope quite sharply. I gave them the exact amount of applications and the web pages they needed to test. We gave them all the required users with the privileges that they asked for. It was gray box testing. They knew partial information about our system and tested three web applications, the platforms, some internal components, and the REST API.

    We are giving them some time for the security assessment. Then we’ll take the report and findings and fix everything. We have outlined timeframes to do this. Then we will install the environment for them to retest. After the retest, our partnership may be considered closed. Then we will start another one.

    In our particular case, we weren’t purchasing a single service. We were purchasing a cyclic relationship to use twice a year. They started with the security assessment. They fixed everything and retested it. Everything goes in a time frame of half a year. Immediately, they start an additional cycle. In our case, we needed someone who knew the job.

    What is the team composition?

    I have direct contact with their CEO. He was and always is available for me. The day we started the assessments, the project manager stepped into the picture.

    How did you come to work with H-X Technologies?

    I did a Google search and picked out four different candidates, engaging in negotiations with each of them one-by-one. They did demos and sessions and we chose H-X Technologies. They matched our criteria for the clarity of the report, their availability, and the structure of their project management. I did some research and asked for some recommendation context from them. They gave me two information security managers from the other companies they performed similar services for. I talked to each one and it was okay. I gave them my requirements to be fulfilled and they agreed on it.

    How much have you invested with them?

    They are much cheaper than their competitors.

    What is the status of this engagement?

    We started working together in August 2019 and the work is ongoing.

    RESULTS & FEEDBACK

    What evidence can you share that demonstrates the impact of the engagement?

    The impact on our organization is huge. I’ve chosen them because I found them to be a perfect combination of their professionalism, price, and simple negotiations.

    How did H-X Technologies perform from a project management standpoint?

    The project manager was supposed to put all the things together and connect between us, the customer, and their professional team. Everything is clear. They don’t miss any details. The project manager asked what platform was most preferable for me and I chose WhatsApp. She created a group and put all the testers, security guys, and the CEO in it. All the communication was through this channel. I didn’t ever need to ask for anything. Everything was smooth and transparent. She sent me the intermediate reports week by week. Every week, she sends me a draft so we could prepare for our part of the job from our end. We also use Zoom and email.

    What did you find most impressive about them?

    All of their professionals have a high degree from university. They’re not just taking three-month courses. All of them have huge experience in this industry. They step into negotiations easily and are confident with their knowledge. All these small things are actually bringing in customers.

    Are there any areas they could improve?

    I can’t think of anything. I feel comfortable with everything I got from them.

    Do you have any advice for potential customers?

    They’re extremely professional. The potential customer must outline exactly what their expectations and needs are.

    5.0
    Overall Score I purchased another service from them, highlighting how high we’re rating them.
    • 5.0 Scheduling
      ON TIME / DEADLINES
    • 5.0 Cost
      Value / within estimates
      I would give them a ten if I could.
    • 5.0 Quality
      Service & deliverables
    • 5.0 NPS
      Willing to refer

    Information Security Testing for Stock Exchange Company

    "Their skills were very good, and they also have integrity."

    Quality: 5.0
    Schedule: 5.0
    Cost: 4.5
    Willing to refer: 5.0
    The Project
     
    Less than $10,000
     
    Jan. 2020 - Ongoing
    Project summary: 

    H-X Technologies provided security assessment testing for a stock exchange firm. Their work includes static analysis, dynamic testing, and static testing.

    The Reviewer
     
    11 - 50 Employees
     
    Astana, Kazakhstan
    Information Security Officer, Stock Exchange Company
     
    Verified
    The Review
    Feedback summary: 

    H-X Technologies’ work has met expectations and the testing has gone well. The team is diligent, efficient and reliable. Customers can expect a multi-talented team with teammates that hold an array of useful certifications.

    A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

    BACKGROUND

    Introduce your business and what you do there.

    I’m an information security officer at a stock exchange company.

    OPPORTUNITY / CHALLENGE

    What challenge were you trying to address with H-X Technologies?

    In our company, we follow strict policies. Before going live, we needed help doing security assessments, which included penetration testing as well as other information security tests.

    SOLUTION

    What was the scope of their involvement?

    They did the security assessment testing. In short, they did gray box testing, which means they performed static analysis, dynamic testing, and static testing. That includes fuzzing testing and penetration tests. They also performed a partial code review as well.

    What is the team composition?

    There are people responsible for different tasks on the team. We had a project manager and we had other people who had different roles.

    How did you come to work with H-X Technologies?

    We conducted a procurement process, and H-X Technologies was the winner of the bid. Before distributing an RFP, we did a market analysis. We of course looked at the skills the company has. Security assessment is very highly dependent on skills, and we invited several companies. We chose H-X because we had a good reference from other companies and their team’s skills were among the best. Their price was reasonable, and their approach to security testing met our requirements.

    How much have you invested in them?

    We spent between $5,000–$10,000.

    What is the status of this engagement?

    We began working with them in January 2020, and it is ongoing as we haven’t finished yet.

    RESULTS & FEEDBACK

    What evidence can you share that demonstrates the impact of the engagement?

    Since I am an information security officer, I understand the work they are doing. They would provide us with reports, and I checked the progress.

    How did H-X Technologies perform from a project management standpoint?

    They’re good. We had weekly calls, and everything was on time. We were behind by a week, but that was because we hadn’t prepared the environment on time, and wasn't from their side.

     If I had any concerns or we needed to make any changes in their methodology I would let them know. We didn’t have much to change, and they were very good and very quick to respond. They also provided us with recommendations as well which helped us save time.

    What did you find most impressive about them?

    Their skills are impressive and they have a very good team. For example, when comparing them to a local company here which only has one team member with a certain certification, on their team, each person has this certification. Their skills were very good, and they also have integrity.

    Are there any areas they could improve?

    They are located in a different country so we do have a time difference between us. If they had an office in our city, it would be excellent. There were times when we didn’t get a quick response but that was because they were sleeping when we were working.

    Do you have any advice for potential customers?

    If you have a clear statement of work, everything will go smoothly.

    5.0
    Overall Score We did not have any arguments and we still keep in touch. We are all in the same field.
    • 5.0 Scheduling
      ON TIME / DEADLINES
      The timeline was good, and any problem was from our side.
    • 4.5 Cost
      Value / within estimates
      We always want a cheaper option.
    • 5.0 Quality
      Service & deliverables
      They were very good.
    • 5.0 NPS
      Willing to refer
      I have already recommended them to my professional partners.

    Cybersecurity for Cloud IT Solutions Company

    "They know what they're doing."

    Quality: 5.0
    Schedule: 5.0
    Cost: 5.0
    Willing to refer: 5.0
    The Project
     
    $10,000 to $49,999
     
    Jan. 2019 - Jan. 2020
    Project summary: 

    H-X Technologies provided security consulting and testing to help an IT firm qualify for an information security certificate. 

    The Reviewer
     
    51-200 Employees
     
    Kyiv, Ukraine
    Artem Savotin
    Managing Director, AMERIA UKRAINE
     
    Verified
    The Review
    Feedback summary: 

    The firm is now officially certified, and H-X Technologies's consulting and tests improved the client's software security. They led a smooth workflow from start to finish thanks to quick response times and a high level of knowledge.

    The client submitted this review online.

    BACKGROUND

    Please describe your company and your position there.

    I’m the managing director of the German IT / product company AMERIA AG in Ukraine.

    OPPORTUNITY / CHALLENGE

    For what projects/services did your company hire H-X Technologies?

    We develop a product, Connected Experience, and we had to get to another level of security and get an automotive-related ISO certificate called TISAX. Then we also ordered a black and grey box pentest and are still working on a monthly fee to have a permanent security officer from the UA side.

    What were your goals for this project?

    We had to get a new level of official automotive certification, TISAX.

    SOLUTION

    How did you select this vendor?

    The company did security training for us in the past. We decided to go with them. But we made analysis of couple of other companies also from Germany.

    Describe the project in detail.

    We’ve got a full time person for TISAX preparation and constant consulting from the company. We planned many activities by flying to Germany to HQ many times and got on to the level to make an exam.

    What was the team composition?

    We had one full time employee from the company, me - accountable and then doing the exam, German security officer and couple of background people helped from both sides.

    RESULTS & FEEDBACK

    Can you share any outcomes from the project that demonstrate progress or success?

    We are TISAX certified, also made pentests, improved security of our software

    How effective was the workflow between your team and theirs?

    All was fine, liked response time and permanent cooperation

    What did you find most impressive about this company?

    They know what they're doing; they are great consultants.

    Are there any areas for improvement?

    Can’t say so at the moment

    5.0
    Overall Score
    • 5.0 Scheduling
      ON TIME / DEADLINES
    • 5.0 Cost
      Value / within estimates
    • 5.0 Quality
      Service & deliverables
    • 5.0 NPS
      Willing to refer

    Audit & Penetration Testing for Construction Company

    "We are completely satisfied with the work of H-X Technologies. Their colleagues fulfilled all our expectations."

    Quality: 5.0
    Schedule: 5.0
    Cost: 5.0
    Willing to refer: 5.0
    The Project
     
    Less than $10,000
     
    Aug. 2019 - Oct. 2019
    Project summary: 

    After helping with the planning phase of the project, H-X Technologies conducted an audit for a construction company. The team delivered reports outlining the assessment, any threats, and a few suggestions.

    The Reviewer
     
    1,001-5,000 Employees
     
    Nur-Sultan, Kazakhstan
    Altynay Lebakina
    Information & Analytical Department Head, BI Group
     
    Verified
    The Review
    Feedback summary: 

    The H-X Technologies team worked confidently and professionally throughout the engagement—from the planning phases through the final delivery. Although the majority of the partnership was remote, their team communicated clearly and completed each stage of the project on time. 

    The client submitted this review online.

    BACKGROUND

    Please describe your company and your position there.

    Our company is one of the biggest build companies in Kazakhstan.

    OPPORTUNITY / CHALLENGE

    For what projects/services did your company hire H-X Technologies?

    Information security was introduced not so long ago in our company, so it became necessary to conduct an external audit for vulnerabilities and weaknesses.

    What were your goals for this project?

    We wanted to see our weaknesses in business processes, infrastructure and web applications being developed

    SOLUTION

    How did you select this vendor?

    We were looking for a company that would suit us according to the principle: price-quality. Compared the methods and tools of the audit, requested samples of reports at the exit. As a result, two companies remained and the choice was made by H-X Technologies.

    Describe the project in detail.

    A project plan was developed, and online meetings were organized every week throughout the project. To conduct an audit of ISO27001, auditors came to our office for 2 days, other work was done remotely

    What was the team composition?

    Roles and responsibilities in each area were identified. I contacted a senior auditor who came to our office in person. The project leader was contacted only via Skype

    RESULTS & FEEDBACK

    Can you share any outcomes from the project that demonstrate progress or success?

    As a result, we received detailed reports in two areas of the project. Vulnerability report, process maturity assessment, general assessment of the information security status of our company. Recommendations for improving processes and enhancing protection against potential threats

    How effective was the workflow between your team and theirs?

    From the very beginning, the stages of the project were determined, all the work was done on time. Throughout the joint work, no conflicts arose.

    What did you find most impressive about this company?

    Colleagues showed a good and confident level of professionalism. All work was carried out clearly: from the start of negotiations to the presentation of the final report.

    Are there any areas for improvement?

    We are completely satisfied with the work of H-X Technologies. Their colleagues fulfilled all our expectations.

    5.0
    Overall Score
    • 5.0 Scheduling
      ON TIME / DEADLINES
    • 5.0 Cost
      Value / within estimates
    • 5.0 Quality
      Service & deliverables
    • 5.0 NPS
      Willing to refer

    Cybersecurity Services for Migration Software Company

    "H-X Technologies has proper security practices."

    Quality: 5.0
    Schedule: 5.0
    Cost: 4.0
    Willing to refer: 5.0
    The Project
    Less than $10,000
    Jan. - Apr. 2019
    Project summary: 

    H-X Technologies did a security audit of the company’s cloud infrastructure as well as an external penetration test, identifying all security gaps and providing a report, after which they did another test round.

    The Reviewer
    11-50 Employees
    Ukraine
    Victoria Pogrebniak
    IT Manager, FluentPro
    Verified
    The Review
    Feedback summary: 

    The project team found several critical vulnerabilities in the system in the span of three months and provided two kinds of reports based on their findings. Through weekly status reports and overall effective communication, H-X Technologies delivered on time and did an extensive and thorough job.

    A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

    BACKGROUND

    Introduce your business and what you do there.

    I’m an IT project manager for FluentPro. Our main office is located in Redmond, Washington, but we have a customer care team in Ukraine as well as a development team and other resources.

    OPPORTUNITY / CHALLENGE

    What challenge were you trying to address with H-X Technologies?

    We have cloud-based applications and provide cloud services for project and portfolio management to customers working with Microsoft Project. One of our goals was to find a third-party enterprise that could do a penetration testing audit for us. Our cloud service provider is G Suite, and we identified H-X Technologies as an external provider for a security audit and penetration test for our service.

    SOLUTION

    What was the scope of their involvement?

    H-X Technologies conducted a security audit of our cloud infrastructure. This included an analysis of the kinds of security gaps we had on our cloud service and an external penetration testing of our application. Specifically, it was gray-box penetration testing. We provided them access to our cloud platform but without any login credentials or other details. We wanted to see how hackers from the outside world could enter our system.

    I believe they tested the application for one month and provided us with a penetration test report with recommendations on what we should improve in our company and solutions. After some research and after following their recommendations, we mitigated the high-risk exposures and relaunched the website. They performed another brute-force and penetration test after we took those mitigation measures, and worked according to OWASP 10.

    How did you come to work with H-X Technologies?

    I assessed different providers in Ukraine and H-X Technologies had very good reviews from other companies. They also had a great price and quality according to those reviews. We had a call with them, and they satisfied our requirements for the basic security tests we needed.

    How much have you invested with them?

    We invested $4,000 on this project.

    What is the status of this engagement?

    The collaboration lasted for three months and ended six months ago, around April 2019. There was a pre-security assessment, the testing itself, and a retesting after following their recommendations.

    RESULTS & FEEDBACK

    What evidence can you share that demonstrates the impact of the engagement?

    H-X Technologies was contracted for three months to look for various kinds of vulnerabilities, according to OWASP 10. In terms of success, they found vulnerabilities that were critical for our project. Every security company has its own approach for security testing, and we couldn’t know what kind of vulnerabilities H-X Technologies would find, so we didn’t track exact metrics.

    How did H-X Technologies perform from a project management standpoint?

    Project management was handled well. They sent us project status reports once a week and we always got effective communication from their side. They also sent us two kinds of reports that were agreed upon in the contract.

    What did you find most impressive about them?

    H-X Technologies has proper security practices. We checked a lot of things following the security assessment on our side as well and found the same vulnerabilities. Overall, H-X Technologies did an extensive assessment. They also provided an internal report for our company, along with a report we could show customers without confidential information around our vulnerabilities.

    Are there any areas they could improve?

    I haven’t dealt with other security companies, so I don’t have something to compare H-X Technologies with. We had a really good experience.

    Do you have any advice for future clients of theirs?

    I’d definitely recommend them to others, and we plan to use some of their services in the future for an ISO 27001 certification and other security audits.

    5.0
    Overall Score
    • 5.0 Scheduling
      ON TIME / DEADLINES
    • 4.0 Cost
      Value / within estimates
      I believe we found some cheaper companies, but it’s difficult for me to compare their quality to what H-X Technologies can do.
    • 5.0 Quality
      Service & deliverables
    • 5.0 NPS
      Willing to refer