At LOGIQUE, we provide unparalleled penetration testing services in Indonesia. Our approach goes beyond simply identifying security weaknesses—we take it a step further by offering solutions to fix the vulnerabilities we find. This comprehensive service ensures that your digital assets are not only secure but also resilient against future threats.
Our expert team conducts exhaustive penetration tests to uncover hidden vulnerabilities within your digital assets. We simulate real-world cyber-attacks to identify weaknesses before malicious actors can exploit them.
Every organization / digital asset is unique, and so are its security needs. LGQ tailors its penetration testing services to meet your specific requirements, providing you with personalized security pen testing.
Unlike typical penetration testing services, LGQ stands out by not just identifying security flaws but also addressing them. Our skilled IT Professional team collaborates with you to fix vulnerabilities, ensuring your systems are robust and secure.
Our team consists of certified cybersecurity professionals with international certifications such as CEH, CPENT, and more. These certifications ensure that our security assessments are conducted by a competent team and adhere to industry best practices and regulations.
We are confident that our pricing is highly competitive compared to other companies that perform manual testing. Considering the cost of security incidents, it is a cost-effective investment for prevention (Security Penetration Test).
We understand your need to obtain security assessment results as quickly as possible. Our team works efficiently to identify vulnerabilities and provide remediation recommendations in a timely manner, so you can take action promptly.
An IT system / web application usually holds a variety of important data, making a data leak highly undesirable. Logique’s penetration testing services address this: our IT security experts determine the scope of the test and conduct a comprehensive assessment. To fix the vulnerability, LOGIQUE can also introduce you to an IT development company that can handle it.
Sign-in/outbound test
Cross-site scripting, SQL injection, command injection, guidance to phishing sites, parameter tampering, etc.
Authentication tests
Login error messages, sending and receiving login/personal information, etc.
Login/Problems related to roles
Increased privileges (privilege escalation), access to unauthorized information, etc.
Session Management
Session fixation, Cross-Site Request Forgery (CSRF), etc.
Common vulnerabilities
The presence or absence of default content such as sample programs, etc.
Mobile/smartphone penetration testing reviews the level of security vulnerability in a mobile application (Android/iOS). Mobile app penetration tests can also include tests for web APIs.
Improper platform usage
Testing for abuse of platform features or failure to use platform security controls.
Insecure data storage
Areas to be checked include SQL databases, log files, XML data stores or manifest files, binary data stores, cookie stores, SD cards, and synced cloud storage.
Insecure communication
Checking the application's request and response traffic.
Insecure authentication
Applications can suffer from insecure authentication, so Hidden Service Requests and Interface Reliance will be tested.
Insufficient cryptography
Testing for vulnerabilities in mobile apps that rely on encryption.
Insecure authorization
The penetration tester will test for poor authorization schemes, for example by performing binary attacks on mobile apps and trying to run privileged functionality that should only be available to users who are supposed to have higher privileges.
Client code quality/client side Injection
The pentester will test for code quality issues that are quite prevalent in most mobile code.
Code Tampering
The pentester will test for code misuse vulnerabilities that allow hackers to change the environment in which the code runs.
Reverse Engineering
Hackers can perform a final core binary analysis in order to determine the original string tables, source code, libraries, algorithms, and resources embedded within the application. The pentester will then perform String Table Analysis, Cross-Functional Analysis, and Source Code Analysis.
Extraneous Functionality
Hackers can exploit hidden functionalities within the backend system to carry out attacks. The pentester will run the Administrative Endpoint Exposed & Debug Flag in Configuration File scenario.
Infrastructure penetration testing is carried out in order to identify any existing security vulnerabilities in regards to critical network infrastructure within the company. The scope of this penetration test is limited to testing servers, routers, workstations, and the cloud. The testing process can also be done remotely or on-site.
IPV4/IPV6 Scanning, OSINT
Hacking Database Servers
Container Breakout
AD Exploitation
Linux Exploitation
Techniques (Win 10)
VPN Exploitation
VOIP Attack
VLAN Attacks
Cloud Hacking
Reports are easy to understand
Full support until retest
Testing performed by CEH certified specialists
Testing is done on site or remotely via VPN
Testing Server/Router/Workstation/Cloud
Server
Router
Workstation
Cloud
API testing
Comprehensive testing (Web App/Web System)
IOT App
Cloud-Based System and Infrastructure
Fleet Management System
Auction Management System
E-Commerce
Customer Relationship Management (CRM)
HRS
Sign-in/outbound test
Authentication tests
Login/Problems related to roles
Session Management
Common vulnerabilities
Reports are easy to understand
Full support until retest
Testing performed by CEH certified specialists
API testing
Android & iOS
HR Application
E-Learning Application
PWA
E-Auction Application
Inspection Application
E-Commerce Application
Improper platform usage
Insecure data storage
Insecure communication
Insecure authorization
Client code quality/client side Injection
Code Tampering
Reverse Engineering
Extraneous Functionality
A penetration test (pentest) reveals the overall strength of your website. The effectiveness of any applications or network defense systems you have installed can thereby be tested against instances of cybercrime as well as various other disturbances.
Cyber security is a feature that needs to be consistently improved, especially if you have a business that applies the use of digital media. Cyberattacks already present the biggest threat to any company. A study conducted at the University of Maryland states that hacker attacks occur every 39 seconds on average.
Do not delay in improving the overall security of your Website & Applications in order to avoid the ever-increasing risk of cyberattacks.
LOGIQUE DIGITAL INDONESIA offers pentest services that can be conducted using 3 methods:
This pentesting method focuses on the application’s details, such as its appearance, the functions it includes, and the alignment of these functions with the customer's business needs. The pentest is conducted without reviewing and testing the application's source code.
This is a technique based on detailed and logical examination of a program’s code. In this method, the tester will look at the entire source code of a program to locate bugs in that code.
This is a technique derived from a combination of both the Black Box and White Box techniques. In this procedure the pentester tests the application against certain specifications, but also draws on how it works internally, i.e. the program's source code.
LOGIQUE DIGITAL INDONESIA uses international penetration testing standards as a reference for implementation in conducting tests, including:
This is the stage where the Logique pentester collects initial data or other items needed for the client. Once the data is collected, the pentester can plan attacks more easily. This reconnaissance can be carried out in two ways, namely actively (directly touching the specified target) and passively (reconnaissance is carried out through intermediaries).
At this stage, an application is needed as a technical tool to collect further data on the targets that have been set. The data sought at this stage is more general, namely information about the system the target has.
In this phase, the pentester needs to gain access and take control of one or more network devices in order to extract further data from the target and subsequently use those devices to launch attacks on other targets.
This is the stage where the pentester takes the steps necessary to stay in the target environment with the aim of collecting as much data as possible. In this phase, the attacker must keep a low profile so as not to be caught while using the host environment.
This is the last stage, where the pentester covers their tracks, taking the steps necessary to remove all traces that could be found when detection is carried out. Any changes that have been made, authorizations that have been upgraded, and so on must be returned to a state that the host network administrator will not recognize as altered.
Logique Digital Indonesia is very experienced in conducting security assessments. We have conducted penetration tests for government websites and a number of companies in various industrial fields ranging from fintech, e-commerce, automotive, and many more. During penetration testing for various companies, we have found security loopholes or bugs so that patches can be applied immediately. Some of the bugs we have found include:
In cases where your organization lacks an internal IT team to address identified vulnerabilities, or if your current IT outsourcer is unreliable, LGQ offers an optional remediation support service. Our skilled software development and DevOps teams can step in to fix and resolve the issues uncovered during our penetration testing.
Our unique advantage lies in the seamless collaboration between our security team and development team within LGQ, ensuring swift and effective resolution of security problems. This optional service ensures that all identified vulnerabilities are thoroughly addressed, enhancing the overall security posture of your digital assets.
Please note that the feasibility of this optional service depends on the nature of the identified issues and the level of access granted to LGQ to your digital assets. For more details and to discuss how this service can benefit your organization, please contact us.
Time | Industry | Object of Assessment | Found Problems: High Risk | Found Problems: Middle Risk | Found Problems: Low Risk |
---|---|---|---|---|---|
Sep - Oct 2019 | Travel | Web app | 5 | 4 | 2 |
Sep - Oct 2019 | Media | Online Media | 8 | 0 | 3 |
Sep - Oct 2019 | Entertainment | Network infrastructure | 4 | 2 | 1 |
Sep - Oct 2019 | E-commerce | Market Place Web | 8 | 4 | 4 |
Oct 2019 | E-commerce | PWA | 4 | 3 | 0 |
Oct - Nov 2019 | Forwarding | Website company profile | 5 | 5 | 3 |
Oct - Nov 2019 | E-commerce | Web app | 6 | 0 | 2 |
Oct - Nov 2019 | E-commerce | Web app | 2 | 2 | 1 |
Oct - Dec 2019 | E-commerce | Web app | 53 | 1 | 0 |
Nov - Dec 2019 | E-commerce | Mobile app for Android | 2 | 2 | 2 |
Nov - Dec 2019 | E-commerce | E-commerce | 3 | 2 | 2 |
Nov - Dec 2019 | E-commerce | E-commerce | 2 | 2 | 1 |
Nov 2019 | Fintech | Web app | 1 | 2 | 3 |
Nov 2019 | Fintech | Mobile app for IOS and Android | 2 | 4 | 2 |
Dec 2019 | Finance | Corporate Web | 2 | 1 | 4 |
Dec 2019 | Automotive | Corporate Web | 4 | 0 | 2 |
Dec 2019 | Service | Member web | 3 | 4 | 3 |
Time | Industry | Object of Assessment | Found Problems: High Risk | Found Problems: Middle Risk | Found Problems: Low Risk |
---|---|---|---|---|---|
Jan 2020 | Fintech | Web App | 0 | 2 | 0 |
Jan 2020 | Fintech | Mobile App | 1 | 8 | 1 |
Jan 2020 | Fintech | Network Infrastructure | 0 | 3 | 0 |
Feb 2020 | Automotive | Network Infrastructure | 0 | 0 | 1 |
Feb 2020 | Service | Web App | 0 | 4 | 1 |
Feb 2020 | Mobile Phone Provider | Web App | 1 | 10 | 2 |
Mar 2020 | Airline | Web App | 0 | 4 | 1 |
Mar 2020 | Financial Planner | Web App | 4 | 1 | 2 |
Mar 2020 | Travel | Web App | 5 | 4 | 2 |
Apr 2020 | Service | Network Infrastructure | 0 | 1 | 2 |
Apr 2020 | Service | Web App | 0 | 1 | 3 |
May 2020 | Insurance | Web App | 4 | 4 | 1 |
May 2020 | Insurance | Network Infrastructure | 0 | 2 | 3 |
Jun 2020 | Pharmacies | Web App | 0 | 2 | 0 |
Jun 2020 | Fintech | Web App | 5 | 0 | 0 |
Sep 2020 | Fintech | Web App | 0 | 4 | 2 |
Oct 2020 | Agriculture | Network Infrastructure | 0 | 5 | 1 |
Time | Industry | Object of Assessment | Found Problems: High Risk | Found Problems: Middle Risk | Found Problems: Low Risk |
---|---|---|---|---|---|
Jan 2021 | Automotive | Website | 1 | 2 | 0 |
Jan 2021 | Financial | Corporate Web | 0 | 4 | 2 |
Feb 2021 | Automotive | Internal Web System | 0 | 4 | 2 |
Feb 2021 | Retail Business | Mobile App | 0 | 2 | 3 |
Feb 2021 | E-Learning | Web App | 0 | 5 | 8 |
Jun 2021 | Insurance | Web App | 0 | 4 | 4 |
Sep 2021 | E-commerce | Web App | 3 | 2 | 8 |
Sep 2021 | Public Institution | Web System | 1 | 0 | 5 |
Oct 2021 | Research Company | Website | 2 | 1 | 3 |
Nov 2021 | Food Producer | Web App | 0 | 4 | 3 |
Nov 2021 | Manufacture | Corporate Web | 0 | 3 | 4 |
Time | Industry | Object of Assessment | Found Problems: High Risk | Found Problems: Middle Risk | Found Problems: Low Risk |
---|---|---|---|---|---|
Jan 2022 | Marketing Agency | Corporate Web | 0 | 2 | 1 |
Jan 2022 | Online media | Web app | 2 | 2 | 3 |
Jan 2022 | Medical Startup | Web App | 0 | 2 | 7 |
Feb 2022 | Manufacture | Mobile App | 3 | 1 | 4 |
Mar 2022 | Automotive | Service Web | 0 | 2 | 2 |
Mar 2022 | Marketing Agency | Web App | 3 | 3 | 5 |
Apr 2022 | Service | Mobile App | 1 | 2 | 4 |
May 2022 | Sier | Corporate Web | 2 | 0 | 2 |
Jun 2022 | Insurance | Mobile App | 1 | 2 | 4 |
Jun 2022 | Fintech Startup | Mobile App | 1 | 5 | 3 |
Jun 2022 | Food Manufacture | Web system | 1 | 2 | 1 |
Jun 2022 | Public Institution | Web system | 2 | 4 | 4 |
Jun 2022 | HR Agency | Web App | 0 | 4 | 4 |
Jul 2022 | Automotive | Website | 0 | 3 | 3 |
Jul 2022 | Retail | Website | 0 | 2 | 5 |
Jul 2022 | Manufacturer | Network | 0 | 2 | 2 |
Aug 2022 | Fintech Startup | Mobile App | 1 | 1 | 4 |
Aug 2022 | Travel | Web App | 2 | 2 | 3 |
Sep 2022 | E-Commerce | Web App | 4 | 1 | 4 |
Sep 2022 | E-Commerce | Network Infrastructure | 2 | 1 | 1 |
Oct 2022 | Online media | Web App | 1 | 4 | 1 |
Oct 2022 | E-Commerce | Mobile App | 1 | 2 | 2 |
Oct 2022 | Manufacturer | Network Infrastructure | 1 | 0 | 1 |
Nov 2022 | Financial | Website | 0 | 2 | 2 |
Nov 2022 | Medical | Website | 1 | 4 | 4 |
Nov 2022 | Manufacturer | IT System | 6 | 8 | 12 |
Dec 2022 | E-Commerce | Mobile App | 2 | 2 | 3 |
Dec 2022 | IT Service | Website | 1 | 2 | 4 |
Time | Industry | Object of Assessment | Found Problems: High Risk | Found Problems: Middle Risk | Found Problems: Low Risk |
---|---|---|---|---|---|
Jan 2023 | Financial | Website | 1 | 3 | 3 |
Jan 2023 | Financial | API | 1 | 1 | 1 |
Jan 2023 | Fintech Startup | Network Infrastructure | 0 | 2 | 2 |
Jan 2023 | Insurance | Web App | 1 | 5 | 2 |
Feb 2023 | Trading | Network Infrastructure | 2 | 3 | 4 |
Feb 2023 | Trading | IT System | 8 | 17 | 10 |
Feb 2023 | Food | Web App | 2 | 2 | 3 |
Feb 2023 | Food | API | 1 | 1 | 4 |
Feb 2023 | IT Service | Website | 1 | 4 | 1 |
Mar 2023 | Service | Web App | 2 | 1 | 6 |
Mar 2023 | BPO | Network Infrastructure | 2 | 5 | 7 |
Mar 2023 | Real Estate | Website | 1 | 3 | 3 |
Mar 2023 | Real Estate | API | 0 | 1 | 2 |
Mar 2023 | Service | Website | 0 | 2 | 3 |
Apr 2023 | SaaS | Web App | 2 | 6 | 4 |
Apr 2023 | Consulting | Website | 1 | 4 | 2 |
Apr 2023 | Transportation | IT System | 5 | 4 | 11 |
Apr 2023 | IT Service | Mobile App | 1 | 3 | 3 |
Apr 2023 | IT Service | Web App | 1 | 2 | 4 |
Jun 2023 | Public Sector | Website | 1 | 1 | 3 |
Jun 2023 | Market Place | Web App | 4 | 3 | 8 |
Jun 2023 | Financial | Mobile App | 1 | 6 | 4 |
Jul 2023 | Automotive | Website | 3 | 2 | 8 |
Jul 2023 | Automotive | Mobile App | 5 | 5 | 8 |
Jul 2023 | Financial | Network Infrastructure | 0 | 2 | 2 |
Jul 2023 | IT Service | Website | 0 | 1 | 3 |
Jul 2023 | Real Estate | Mobile App | 4 | 8 | 8 |
Aug 2023 | Online Platform | Web App | 5 | 7 | 8 |
Aug 2023 | Fintech Startup | Mobile App | 1 | 4 | 3 |
Aug 2023 | Automotive | IT System | 2 | 4 | 5 |
Aug 2023 | Real Estate | Website | 1 | 3 | 4 |
In providing our penetration testing services, we deliver reports in an easy-to-understand format. Cybersecurity vulnerabilities are classified into 4 levels, namely Critical Risk (very high), High Risk (high), Middle Risk (medium), and Low Risk (low). The level of security risk refers to the overall impact the vulnerability can potentially have on the business, whether in terms of your business’s economy or reputation, or in regard to the possibility that the impact could arise in the near future.
Vulnerabilities with extremely high risk that can be easily and quickly exploited by attackers, causing severe damage such as massive data loss, operational disruption, and serious threats to business continuity. Examples include zero-day vulnerabilities, unauthenticated remote code execution, widespread privilege escalation, and cryptographic system exploits.
High-risk vulnerabilities can lead to significant damage to reputation, financial losses, and serious consequences for business operations. Examples include SQL injection, remote code execution, RFI/LFI, broken access control, hard-coded sensitive data, subdomain takeover, and bypassable OTP verification processes.
Vulnerabilities with a moderate risk level that can negatively impact the business but are not expected to cause catastrophic damage. Examples include sensitive information disclosure, open redirects, lack of rate limiting, improper error handling, and directory listing being enabled.
Security vulnerabilities that pose a minor threat to the target system. Examples include unsecured cookie attributes (Secure and HttpOnly flags missing), leaked web server technology, information disclosure through ASP.NET debug methods, misconfigured cross-origin resource sharing (CORS), and weak password policies.