Selected projects

Projects in penetration testing, ISMS, and compliance across corporate and industrial environments.

Detailed reports and full case descriptions are available under NDA. Contact us to request access to the full documentation.

BANKING

Web application pentest — regional bank

White-box test of an internet banking application. Verification of authentication mechanisms, session management, and communication encryption.

TLS 1.0 · HSTS · CWE-384 · CSRF
32 vulnerabilities · 3 critical (CVSS 9.1+)

FINTECH

API pentest — payment platform

REST API testing of a fintech platform. Analysis of technical data exposure, DoS resilience, and consistency of authorisation mechanisms across environments.

CWE-209 · CWE-400 · CWE-287
17 vulnerabilities · remediation completed in 6 weeks

E-COMMERCE

Payment application pentest

Black-box test of an e-commerce platform with payment gateway integration. Critical flaws found in financial data handling and validation mechanisms.

CWE-89 · CWE-22 · CWE-918 · PCI DSS
16 vulnerabilities · critical issues fixed within 24h

TECHNOLOGY

SPA + REST API pentest — corporate application

Comprehensive testing of a React application with a REST backend. Analysis of session management, API security, and content security policies.

CWE-384 · CWE-94 · CWE-116
20 vulnerabilities · remediation completed in 8 weeks

INDUSTRY / OT

OT network audit — manufacturing plant

Security audit of an industrial network at a manufacturing facility. Assessment of IT/OT segmentation, communication protocols, and emergency procedures.

IT/OT · Modbus · PROFINET
14-point remediation plan · implemented in 90 days with zero downtime

COMPLIANCE

ISMS implementation — organisation with 200+ employees

Building an information security management system from the ground up. UAM/JML, risk assessments, security policies, preparation for ISO 27001 and NIS2 certification.

ISO 27001 · NIS2 · UAM/JML
NIS2-ready in 4 months

Want to know more?

Get in touch — we will share full reports after signing an NDA.
