The Most Reliable Penetration Testing (Pentest) & Website Security Services currently available in Indonesia

LOGIQUE Digital Indonesia Offers World Class Pentest Services of an International Standard.

Our penetration testing (pentest) process is supported by experienced Pentesters, all of whom have already received their CEH (Certified Ethical Hacker) & CSCU (Certified Secure Computer User) certifications from the EC-Council; indeed, our proven abilities & expertise within this area are clear.

Why Is It Important to Pentest Your System?

By conducting penetration testing (pentest) for your digital assets, you will have a better understanding of how prepared your website, application or network defense system is when dealing with serious instances of cybercrime.

One’s Cyber security needs to be regularly improved, especially if you have a business that incorporates digital media. Cyber attacks have become a serious threat to companies throughout the world. A study conducted by the University of Maryland stated that an average cyber attack occurs every 39 seconds.

Don't delay the safeguarding of your website and/or application’s security system; avoid the potential risk of highly damaging cyber attacks. Contact Us Now!

Top Banner

Website security assessment service | WEB vulnerability assessment

In Indonesia, the fact is that most corporations are still relatively unaware of the importance of website security. This has seen an increase in many skilled hackers causing a variety of security incidents throughout Indonesia, as well as on an international level. It is extremely important to make sure that your website's security is thoroughly up to date, as revealed by a professional with a deep understanding of how cyber hacking/software vulnerability works. This is due to hackers having a similar mindset in regards to finding security holes to exploit. If hackers do succeed in breaking through your security systems, there could be a variety of risks other than your website being hacked into; additionally, your website/business could be used to conduct criminal activities, thereby covering the perpetrators tracks in the process. This is one of many reasons why improving your website’s security is a must, even for relatively simple websites.

Examples of Cyber-Security Threats.

An Indonesian Airline had once become the victim to a cyber-attack, resulting in the leakage of important passenger data. The data leakage stemmed from two sources, the first of which contained 21 million articles of data, and the other, 14 Million. Indonesian telecommunications companies have previously fallen victim to cyber-attacks using web-defacing techniques. ‘Web defacing’ changes the appearance of a website, altering its main page, index file and other pages that are still bound to the website’s URL.

Several Cyber-Security incidents have occurred, not only to corporate entities, but also against government agencies. Based on data obtained from the CSIS (Center for Strategic and International Studies), there are many state-run institutions worldwide that have experienced such cyber-attacks, notably several US Cancer Research agencies that were hacked into in order to retrieve information related to the latest data in regards to developments in the study of cancer. North Korean Hackers have also carried out phishing attacks on foreign officials, aiming to decipher nuclear related information. The Indonesian General Election Commission had also reported Hackers from China and Russia had previously examined the database of Indonesian voters before the presidential and legislative elections were held.

Is Your Company Vulnerable to a Cyber Security Attack?

Presently, as many as 74% of companies have over 1000 highly sensitive files stored within their archives. 21% of which often lack capable protection, thereby being vulnerable in becoming the victims of hacking. Additionally, 41% of companies commonly store over 1000 sensitive files that are not well protected. These can include credit card cumbers and other financial records.

Furthermore, based on Varonis’ data, 65% of companies have 500 users who have never changed their passwords. In fact, based on a study conducted by the Ponemon Institute in 2017, as many as 69% of organizations do not believe that Anti-Virus Software can help solve a data breach related threat. Hackers have various techniques to hack and access important company data. In lacking good cyber security, both large and small companies can fall victim to all kinds of cyber-attacks. This happens because every business has assets criminals may seek to exploit. Sometimes assets are in the form of money, financial information, personal information of staff and customers, or even business infrastructure.

A Rising Demand for Cyber Security (in a Post-Covid era of Global Digitization)

Businesses are now ample targets in the eyes of cyber hackers and data thieves. The reason for this is clear: a massive amount of sensitive data has now been digitized in order to adapt to the New Normal policies, therefore cyber criminals have expanded their activities in response.

Recent trends suggest that there exists a strong link between a growing culture of cyber hacking and the onset of Covid-19. This is due in large part to the natural growth in digital transformation across the world, currently accelerated by the spread of Covid 19. In essence, with the new challenges presented by the worldwide pandemic, businesses have sought to adapt to the “New Normal” mode of operations, thereby fast-tracking their rate of digitization. However, with this overall digital transformation comes a major risk. From phishing attacks, social engineering schemes to Credential Theft, almost every industry, big and small, has been bracing for a dramatic evolution in the world of cyber fraud. And one would be wise to adapt their business side by side to this evolution.

For example, tech advancements found in Cloud technology, the Internet of Things (IoT), Big Data and other tools that optimize the strength of a company’s overall workflow have all of a sudden become a major point of weakness. This is due to the fact that such ubiquitous technologies require data storage to be transferred from an onsite to virtual basis, effectively solidifying the process of digital transformation within a business. However, one can see how having the majority (or even the entirety) of a company’s key data floating within the same environment as cyber criminals operate could be considered a major risk.

If your business, along with the majority of firms, has further sought to incorporate digital means into your corporate infrastructure, one should be aware that there is an increased risk that cyber fraud could befall your data. In fact, the chances are greatly increased in that face of further digitization, with the nature of cyberattacks increasing, for example, with a whopping 600% overall since the start of the aforementioned global crisis. The recent exploitation of video conferencing meetings is an indicator of this new trend; in 2020 alone, around half a million individuals experienced their video calls being hacked into, from which various articles of personal data had been stolen such as names, addresses, passwords, etc. Also, from the onset of the pandemic, phishing attacks have been up a full 15%, with a staggering 57 percent of organizations now seeing weekly to daily occurrences of phishing attacks (as reported by GreatHorn). A new variety of hackers are even incorporating highly advanced machine learning technology in order to remain hidden, as well as evolving their hacking techniques through the use of not just email, but also SMS and voice chat.

Therefore, it comes as no surprise that the demand for digital security in these overly tech-reliant times has been growing as well. In fact, Logique has been able to successfully protect itself through employing a professional team of highly experienced penetration testing experts. If your company is without this convenience, and is looking to prepare your own digital infrastructure against the increasingly likely chance of experiencing a data breach, feel free to contact us and book your company for a pentest.

Website security assessment contents

  • We check and report on 12 crucial items of assessment. Through these items, the website vulnerability assessment service can swiftly scan your website’s security level.
  • The scope of the assessment may be limited due to the overall level of website security being tested (number of pages, search function, presence/absence, and number of forms).
  • We conduct an assessment through the use of a security assessment tool that enables us to implement comprehensive testing procedures.
  • We also perform a manual test in order to identify any critical & potential risks through analyzing the source code.
  • We will provide advice in regards to risk management and further explain the steps needed in order for any remaining problems to be fixed.
On the Importance of Website Security Assessments
Websites owned by financial institutions are not the only sites that require thorough security assessments and countermeasures. Websites that do not necessarily contain important and personal information also remain targets of potential cyber hacking activities.

In Indonesia, cyber-attacks, some of which include the unauthorized access and falsification of data, are frequently carried out against a multitude of websites. As a result, this can cause severe damages, such as personal information leakage, system down, access trouble, and identity theft as well.
  1. 1. Financial Impact.
    Cyber Attacks can often result in financial losses arising from:
    • Theft of Corporate Information
    • Theft of Financial Information
    • Sales Disruptions (Example: Customers being unable to conduct online transactions)
    • Loss of Business or Employment Contracts

  2. 2. Reputational Impact
    Cyber attacks can damage your business’s reputation and potentially lead to:
    • Loss of customer Trust
    • Loss of Customers
    • Decrease in Sales
    • Reduction of Profits

  3. 3. Legal Impact
    As a business owner, you are obliged to protect your company, its customers and the data of its employees. If you are unwilling to fulfill such basic requirements, if you are bound by a contract, you may be subject to legal sanctions or various fines.

In order to eliminate these risks so as to continue maintaining a secure website, conducting a security vulnerability assessment is highly recommended. Through a primary security assessment, we can properly grasp the extent to which a website is vulnerable to cyber-attacks.

LOGIQUE will flexibly perform various security assessment according to the scale of the website. We also have a primary vulnerability assessment that can be easy and cheaper to start with.

LOGIQUE takes various steps when conducting a Website Security Assessment
In conducting a website security assessment, LOGIQUE Digital Indonesia adheres to an internationally practiced standard as a reference. These include:

Step 1
1 Reconnaissance
During this initial stage, we collect data or any other things in regards to the client. After all the necessary data is collected, we will be able to plan our security breach more easily.
Reconnaissance can be done in two ways; these include actively (directly moving against the specified target) and passively (surveillance is done through intermediaries).

Step 2
2 Scanning
At this stage, we require an application that functions as a technical tool so as to collect data on the specified target. Currently, the data that is sought after is more general in nature.

Step 3
3 Gaining Access
We will then gain access so as to take control of one or more network devices to further the extraction of data from the set target, after which we will then use the device in order to launch attacks on other targets where necessary.

Step 4
4 Maintaining Access
That is the stage where we will make several steps needed to remain in the target environment with the aim of collecting as much data as possible. In this phase, the attacker must remain idle so that they cannot be caught while using the host environment.

Step 6
5 Covering Tracks
The last stage where we will cover the track, forcing the attacker to take the steps needed to remove all the similarities during detection. Any changes that have been made, improved authorization, etc. All must return in a non-recognition state (not recognized) by a network administrator host.

LOGIQUE provides a variety of Cyber Security services.

A. Application Penetration Testing
A security test is a method of evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls.

1) Web Apps
A web application security test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.

2) Mobile Apps
The security test on mobile apps focuses only on evaluating the security of a mobile app on iOS or android devices. Like web apps, the process also involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities.

3) Desktop Apps
For those of you who might be wondering if desktop applications are still a thing, yes, of course. Most enterprise applications are installation-based and use hardware resources to run them. Also, many real-time systems are still desktop-based because of their performance capabilities. In this case, LOGIQUE can also do testing to ensure the security of the software.

B. Network & Infrastructure Penetration Testing
Assessing security or penetration testing on servers, local network, and staff PC. This infrastructure test is a proven method of evaluating the security of your computing networks, infrastructure, and application weakness by simulating a malicious attack.

C. Code Review
Auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.

D. Cyber Security Awareness Training
Choosing a weak password or clicking a bad link is the example of personal decisions that even the best cyber security cannot help. This is the reason why cyber security awareness is vital especially among end users and programmers, and LOGIQUE can provide the training for you.

E. Cyber Security Consulting
LOGIQUE is ready to help your IT team to solve security problems and provide the best solutions. We can give technical advices to your IT team and strategic advices to your management team.

Logique Digital Indonesia is experienced in conducting security assessments within Indonesia

We have performed security assessments on the websites of government organizations, financial institutions, e-commerce businesses as well as car manufacturers. In most cases, you will be shocked with the test results; however this will allow you to make note of the risk and thereby make an appropriate strategy against it. LOGIQUE will assist you in preventing such risks through the constant monitoring of security. While conducting penetration tests for various companies, we had subsequently discovered several security holes that required immediate patching up. Some examples of the bugs we had encountered are as follows:

  1. 1. Injection
  2. 2. Cross-Site Scripting (XSS)
  3. 3. Sensitive data exposure
  4. 4. Security misconfiguration
  5. 5. Broken access control
  6. 6. Others

What exactly is the full price being offered by LOGIQUE to perform a thorough Pentest?
15 juta

Through conducting the appropriate pentest activities, starting from the initial stage (preparation), testing to finally the reporting stage, LOGIQUE Digital Indonesia is offering prices starting from Rp. 15 Million depending on the type of application or system required for testing.

LOGIQUE Works 2019 - 2020
Time Industry Object of Assesment Found Problems (Risk Level)
High Middle Low
Sep - Oct 2019 Travel Web app 5 4 2
Sep - Oct 2019 Media Online Media 8 0 3
Sep - Oct 2019 Entrainment Network infrastructure 4 2 1
Sep - Oct 2019 E-commerce Market Place Web 8 4 4
Oct 2019 E-commerce PWA 4 3 0
Oct - Nov 2019 Forwarding Website company profile 5 5 3
Oct - Nov 2019 E-commerce Web app 6 0 2
Oct - Nov 2019 E-commerce Web app 2 2 1
Oct - Dec 2019 E-commerce Web app 53 1 0
Nov - Dec 2019 E-commerce Mobile app for Android 2 2 2
Nov - Dec 2019 E-commerce E-commerce 3 2 2
Nov - Dec 2019 E-commerce E-commerce 2 2 1
Nov 2019 Fintech Web app 1 2 3
Nov 2019 Fintech Mobile app for IOS and Android 2 4 2
Dec 2019 Finance Corporate Web 2 1 4
Dec 2019 Automotive Corporate Web 4 0 2
Dec 2019 Service Member web 3 4 3
Jan 2020 Fintech Web App 0 2 0
Jan 2020 Fintech Mobile App 1 8 1
Jan 2020 Fintech Network Infrastructure 0 3 0
Feb 2020 Automotive Network Infrastructure 0 0 1
Feb 2020 Service Web App 0 4 1
Feb 2020 Mobilephone Provider Web App 1 10 2
Mar 2020 Airline Web App 0 4 1
Mar 2020 Financial Planner Web App 4 1 2
Mar 2020 Travel Web App 5 4 2
Apr 2020 Service Network Infrastructure 0 1 2
Apr 2020 Service Web App 0 1 3
May 2020 Insurance Web App 4 4 1
May 2020 Insurance Network Infrastructure 0 2 3
Jun 2020 Pharmacies Web App 0 2 0
Jun 2020 Fintech Web App 5 0 0
Sep 2020 Fintech Web App 0 4 2
Oct 2020 Agriculture Network Infrastructure 0 5 1

Sample Report

Cyber Security Related Article

Other Services Offered by LOGIQUE

Besides leveraging the skills of specialists who are certified and experienced in conducting Penetration Testing (Pentest) and Security Assessments, we also have specialists who are no less reliable in providing a variety of other services, such as Digital Marketing. LOGIQUE aims to assist your company in carrying out digital campaigns in regards to Search Engine Marketing (SEM), Content Marketing, Search Engine Optimization (SEO), Social Media optimization and others.

Our team can help your company maximise its performance within every channel used in the digital campaign being carried out. We can maximise your desired conversion rates through SEM services, as well as increase your overall organic traffic through applying various SEO improvements and achieve peak engagement through a variety of social media optimizations. So what are you waiting for? Immediately consult your business needs with us and our digital marketing team will strive to design the best strategy for you.

Website Security Testing White Paper

Optional Web Security Services

LOGIQUE has collaborated with PT Dtechcorp Konsultindo Prima (Dtechcorp Consulting), an experienced consulting agency registered with the BSSN (National Cyber ​​& Crypto Agency) and KOMINFO (Ministry of Communication and Information Technology), so as to meet the needs & standards of the POJK-based information technology (IT) security auditing services. We also provide consultation services for any clients aiming to obtain an ISO certification.