The Most Reliable Penetration Testing (Pentest) & Website Security Services currently available in Indonesia

LOGIQUE Digital Indonesia Offers World Class Pentest Services of an International Standard.

Our penetration testing (pentest) process is supported by experienced Pentesters, all of whom have already received their CEH (Certified Ethical Hacker) & CSCU (Certified Secure Computer User) certifications from the EC-Council; indeed, our proven abilities & expertise within this area are clear.

Why Is It Important to Pentest Your System?

By conducting penetration testing (pentest) for your digital assets, you will have a better understanding of how prepared your website, application or network defense system is when dealing with serious instances of cybercrime.

One’s Cyber security needs to be regularly improved, especially if you have a business that incorporates digital media. Cyber attacks have become a serious threat to companies throughout the world. A study conducted by the University of Maryland stated that an average cyber attack occurs every 39 seconds.

Don't delay the safeguarding of your website and/or application’s security system; avoid the potential risk of highly damaging cyber attacks. Contact Us Now!

Website security assessment service | WEB vulnerability assessment

In Indonesia, the fact is that most corporations are still relatively unaware of the importance of website security. This has seen an increase in many skilled hackers causing a variety of security incidents throughout Indonesia, as well as on an international level. It is extremely important to make sure that your website's security is thoroughly up to date, as revealed by a professional with a deep understanding of how cyber hacking/software vulnerability works. This is due to hackers having a similar mindset in regards to finding security holes to exploit. If hackers do succeed in breaking through your security systems, there could be a variety of risks other than your website being hacked into; additionally, your website/business could be used to conduct criminal activities, thereby covering the perpetrators tracks in the process. This is one of many reasons why improving your website’s security is a must, even for relatively simple websites.

Examples of Cyber-Security Threats.

An Indonesian Airline had once become the victim to a cyber-attack, resulting in the leakage of important passenger data. The data leakage stemmed from two sources, the first of which contained 21 million articles of data, and the other, 14 Million. Indonesian telecommunications companies have previously fallen victim to cyber-attacks using web-defacing techniques. ‘Web defacing’ changes the appearance of a website, altering its main page, index file and other pages that are still bound to the website’s URL.

Several Cyber-Security incidents have occurred, not only to corporate entities, but also against government agencies. Based on data obtained from the CSIS (Center for Strategic and International Studies), there are many state-run institutions worldwide that have experienced such cyber-attacks, notably several US Cancer Research agencies that were hacked into in order to retrieve information related to the latest data in regards to developments in the study of cancer. North Korean Hackers have also carried out phishing attacks on foreign officials, aiming to decipher nuclear related information. The Indonesian General Election Commission had also reported Hackers from China and Russia had previously examined the database of Indonesian voters before the presidential and legislative elections were held.

Is Your Company Vulnerable to a Cyber Security Attack?

Presently, as many as 74% of companies have over 1000 highly sensitive files stored within their archives. 21% of which often lack capable protection, thereby being vulnerable in becoming the victims of hacking. Additionally, 41% of companies commonly store over 1000 sensitive files that are not well protected. These can include credit card cumbers and other financial records.

Furthermore, based on Varonis’ data, 65% of companies have 500 users who have never changed their passwords. In fact, based on a study conducted by the Ponemon Institute in 2017, as many as 69% of organizations do not believe that Anti-Virus Software can help solve a data breach related threat. Hackers have various techniques to hack and access important company data. In lacking good cyber security, both large and small companies can fall victim to all kinds of cyber-attacks. This happens because every business has assets criminals may seek to exploit. Sometimes assets are in the form of money, financial information, personal information of staff and customers, or even business infrastructure.

Website security assessment contents

We check and report on 12 crucial items of assessment. Through these items, the website vulnerability assessment service can swiftly scan your website’s security level.
The scope of the assessment may be limited due to the overall level of website security being tested (number of pages, search function, presence/absence, and number of forms).
We conduct an assessment through the use of a security assessment tool that enables us to implement comprehensive testing procedures.
We also perform a manual test in order to identify any critical & potential risks through analyzing the source code.
We will provide advice in regards to risk management and further explain the steps needed in order for any remaining problems to be fixed.

On the Importance of Website Security Assessments

Websites owned by financial institutions are not the only sites that require thorough security assessments and countermeasures. Websites that do not necessarily contain important and personal information also remain targets of potential cyber hacking activities.

In Indonesia, cyber-attacks, some of which include the unauthorized access and falsification of data, are frequently carried out against a multitude of websites. As a result, this can cause severe damages, such as personal information leakage, system down, access trouble, and identity theft as well.

1. Financial Impact.
Cyber Attacks can often result in financial losses arising from:
- Theft of Corporate Information
- Theft of Financial Information
- Sales Disruptions (Example: Customers being unable to conduct online transactions)
- Loss of Business or Employment Contracts
2. Reputational Impact
Cyber attacks can damage your business’s reputation and potentially lead to:
- Loss of customer Trust
- Loss of Customers
- Decrease in Sales
- Reduction of Profits
3. Legal Impact
As a business owner, you are obliged to protect your company, its customers and the data of its employees. If you are unwilling to fulfill such basic requirements, if you are bound by a contract, you may be subject to legal sanctions or various fines.

In order to eliminate these risks so as to continue maintaining a secure website, conducting a security vulnerability assessment is highly recommended. Through a primary security assessment, we can properly grasp the extent to which a website is vulnerable to cyber-attacks.

LOGIQUE will flexibly perform various security assessment according to the scale of the website. We also have a primary vulnerability assessment that can be easy and cheaper to start with.

LOGIQUE takes various steps when conducting a Website Security Assessment

In conducting a website security assessment, LOGIQUE Digital Indonesia adheres to an internationally practiced standard as a reference. These include:

1 Reconnaissance

During this initial stage, we collect data or any other things in regards to the client. After all the necessary data is collected, we will be able to plan our security breach more easily.
Reconnaissance can be done in two ways; these include actively (directly moving against the specified target) and passively (surveillance is done through intermediaries).

2 Scanning

At this stage, we require an application that functions as a technical tool so as to collect data on the specified target. Currently, the data that is sought after is more general in nature.

3 Gaining Access

We will then gain access so as to take control of one or more network devices to further the extraction of data from the set target, after which we will then use the device in order to launch attacks on other targets where necessary.

4 Maintaining Access

That is the stage where we will make several steps needed to remain in the target environment with the aim of collecting as much data as possible. In this phase, the attacker must remain idle so that they cannot be caught while using the host environment.

5 Covering Tracks

The last stage where we will cover the track, forcing the attacker to take the steps needed to remove all the similarities during detection. Any changes that have been made, improved authorization, etc. All must return in a non-recognition state (not recognized) by a network administrator host.

LOGIQUE provides a variety of Cyber Security services.

A. Application Penetration Testing

A security test is a method of evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls.

1) Web Apps
A web application security test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.

2) Mobile Apps
The security test on mobile apps focuses only on evaluating the security of a mobile app on iOS or android devices. Like web apps, the process also involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities.

3) Desktop Apps
For those of you who might be wondering if desktop applications are still a thing, yes, of course. Most enterprise applications are installation-based and use hardware resources to run them. Also, many real-time systems are still desktop-based because of their performance capabilities. In this case, LOGIQUE can also do testing to ensure the security of the software.

B. Network & Infrastructure Penetration Testing

Assessing security or penetration testing on servers, local network, and staff PC. This infrastructure test is a proven method of evaluating the security of your computing networks, infrastructure, and application weakness by simulating a malicious attack.

C. Code Review

Auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.

D. Cyber Security Awareness Training

Choosing a weak password or clicking a bad link is the example of personal decisions that even the best cyber security cannot help. This is the reason why cyber security awareness is vital especially among end users and programmers, and LOGIQUE can provide the training for you.

E. Cyber Security Consulting

LOGIQUE is ready to help your IT team to solve security problems and provide the best solutions. We can give technical advices to your IT team and strategic advices to your management team.

Logique Digital Indonesia is experienced in conducting security assessments within Indonesia

We have performed security assessments on the websites of government organizations, financial institutions, e-commerce businesses as well as car manufacturers. In most cases, you will be shocked with the test results; however this will allow you to make note of the risk and thereby make an appropriate strategy against it. LOGIQUE will assist you in preventing such risks through the constant monitoring of security. While conducting penetration tests for various companies, we had subsequently discovered several security holes that required immediate patching up. Some examples of the bugs we had encountered are as follows:

1. Injection
2. Cross-Site Scripting (XSS)
3. Sensitive data exposure
4. Security misconfiguration
5. Broken access control
6. Others

What exactly is the full price being offered by LOGIQUE to perform a thorough Pentest?

Through conducting the appropriate pentest activities, starting from the initial stage (preparation), testing to finally the reporting stage, LOGIQUE Digital Indonesia is offering prices starting from Rp. 15 Million depending on the type of application or system required for testing.

LOGIQUE Works 2019 - 2020

Time	Industry	Object of Assesment	Found Problems (Risk Level)
Time	Industry	Object of Assesment	High	Middle	Low
Sep - Oct 2019	Travel	Web app	5	4	2
Sep - Oct 2019	Media	Online Media	8	0	3
Sep - Oct 2019	Entrainment	Network infrastructure	4	2	1
Sep - Oct 2019	E-commerce	Market Place Web	8	4	4
Oct 2019	E-commerce	PWA	4	3	0
Oct - Nov 2019	Forwarding	Website company profile	5	5	3
Oct - Nov 2019	E-commerce	Web app	6	0	2
Oct - Nov 2019	E-commerce	Web app	2	2	1
Oct - Dec 2019	E-commerce	Web app	53	1	0
Nov - Dec 2019	E-commerce	Mobile app for Android	2	2	2
Nov - Dec 2019	E-commerce	E-commerce	3	2	2
Nov - Dec 2019	E-commerce	E-commerce	2	2	1
Nov 2019	Fintech	Web app	1	2	3
Nov 2019	Fintech	Mobile app for IOS and Android	2	4	2
Dec 2019	Finance	Corporate Web	2	1	4
Dec 2019	Automotive	Corporate Web	4	0	2
Dec 2019	Service	Member web	3	4	3
Jan 2020	Fintech	Web App	0	2	0
Jan 2020	Fintech	Mobile App	1	8	1
Jan 2020	Fintech	Network Infrastructure	0	3	0
Feb 2020	Automotive	Network Infrastructure	0	0	1
Feb 2020	Service	Web App	0	4	1
Feb 2020	Mobilephone Provider	Web App	1	10	2
Mar 2020	Airline	Web App	0	4	1
Mar 2020	Financial Planner	Web App	4	1	2
Mar 2020	Travel	Web App	5	4	2
Apr 2020	Service	Network Infrastructure	0	1	2
Apr 2020	Service	Web App	0	1	3
May 2020	Insurance	Web App	4	4	1
May 2020	Insurance	Network Infrastructure	0	2	3
Jun 2020	Pharmacies	Web App	0	2	0
Jun 2020	Fintech	Web App	5	0	0
Sep 2020	Fintech	Web App	0	4	2
Oct 2020	Agriculture	Network Infrastructure	0	5	1

Sample Report

SQL Injection

Missing Authorization Mechanism

Bypassing Unrestricted File Upload

Table Bug of Finding

Unencrypted Local Storage

Telnet Service Externally Available

Cyber Security Related Article

Cyber Security Trends of 2021

With the rapid modernization of society comes the mass adoption of a variety of new technologies. Currently, all entities from large to small corporations and ...

18 Juni 2021 | By krisna tegtmeier

Simple Steps to Protect Your Online Data

Privacy has been a central point for concern within the current age of digital technology. From keeping our data within brick-like hardware devices to storing ...

16 April 2021 | By krisna tegtmeier

Penetration Testing: How it can Save Your Business

Securing the safety of your company’s digital infrastructure should be among the top priorities on your list of to-dos, especially during this current Pandemic, where ...

23 November 2020 | By krisna tegtmeier

A Different kind of Virus: Hackers exploiting the Covid-19 Pandemic

The coronavirus outbreak is devastating many industries. But one industry seems to have found an opportunity in the chaos. That industry is ‘Hacking’. Indeed, with ...

09 April 2020 | By Feradhita NKD