LOGIQUE specializes in penetration testing of web and mobile applications and websites, accurately finding and reporting vulnerabilities in the system.

LOGIQUE can also work with partners when security testing has to be conducted in several other areas such as networks, cloud servers, or human risks; however, LOGIQUE's IT security team will still fully handle the penetration testing process on your company's website and applications.



LOGIQUE’s Penetration Testing Services


High Quality

The CEH-certified IT security team will be directly involved, so security testing and vulnerability reporting are carried out with high professionalism. So far, LOGIQUE clients have asked us to perform tests on the system/web/application at regular intervals.


Competitive Price

We offer penetration testing services at very competitive prices compared to other companies. Given the high total losses that cyber security break-ins can cause, penetration testing can be a cost-effective investment as a preventive measure.


Fast Delivery Process

We can submit security vulnerability assessment reports within a maximum period of 1 week. That said, clients generally take longer to review the reports or fix the vulnerabilities found.



What are the coverage areas for LOGIQUE’s penetration testing standards?



Infrastructure penetration testing is carried out to identify existing security vulnerabilities in the company's critical network infrastructure. The scope of this penetration test is limited to testing servers, routers, workstations, and the cloud. The testing can be done remotely or on-site.

  • Reports are easy to understand
  • Full support until retest
  • Testing performed by CEH certified specialists
  • Testing is done on site or remotely via VPN
  • Testing Server/Router/Workstation/Cloud



We perform security tests on the following Web Apps/Systems

  • Server
  • Router
  • Workstation
  • Cloud



Main items to be tested

IPV4/IPV6 SCANNING, OSINT

  • Advanced topics in network scanning
  • Understanding & exploiting IPv6 Targets
  • Advanced OSINT Data gathering

HACKING DATABASE SERVERS

  • MySQL, Postgres, Oracle, and MongoDB

CONTAINER BREAKOUT

  • Breaking and Abusing Docker
  • Kubernetes Vulnerabilities

AD EXPLOITATION

  • Active Directory Delegation Reviews and Pwnage (Win 2012 server)
  • Pass the Hash/Ticket Pivoting and WinRM Certificates
  • Pivoting, Port Forwarding and Lateral Movement Techniques
  • Persistence and backdooring techniques (Golden Ticket, DCSync, LOLBAS)

LINUX EXPLOITATION

  • Linux Vulnerabilities and Configuration Issues
  • Treasure hunting via enumeration
  • File Share/SSH Hacks
  • X11 Vulnerabilities
  • Restricted Shells Breakouts
  • Breaking Hardened Web Servers
  • Local Privilege Escalation
  • MongoDB exploitation
  • TTY hacks, Pivoting
  • Gaining root via misconfigurations
  • Kernel Exploitation
  • Post Exploitation and credentials harvesting

Techniques (Win 10)

  • Local Privilege Escalation
  • A/V & AMSI Bypass techniques
  • Offensive PowerShell Tools and Techniques
  • GPO based exploit
  • Constrained and Unconstrained delegation attack
  • Post Exploitation Tips, Tools and Methodology

VPN EXPLOITATION

  • Exploiting Insecure VPN Configuration

VOIP ATTACK

  • VOIP Enumeration and VOIP Exploitation

VLAN ATTACKS

  • VLAN Concepts and VLAN Hopping Attacks

CLOUD HACKING

  • AWS/Azure/GCP specific attacks
  • Storage Misconfigurations
  • Credentials, APIs and Token Abuse
  • IaaS, PaaS, SaaS, CaaS and Serverless exploitation
  • Azure AD attacks

An IT system or web application usually holds a variety of important data, making a data leak critically undesirable. LOGIQUE’s penetration testing services address this: our IT security experts will determine the scope of the test and conduct a comprehensive assessment. To fix the vulnerabilities, LOGIQUE can also introduce you to an IT development company that can handle it.

  • Reports are easy to understand
  • Full support until retest
  • Testing performed by CEH certified specialists
  • API testing
  • Comprehensive testing (Web App/Web System)



We perform security tests on the following Web Apps/Systems

CRM

HRS

Customer management system (CRM)

Auction management system

Point management system



Main items to be tested

Sign-in/outbound test

Cross-site scripting, SQL injection, command injection, guidance to phishing sites, parameter tampering, and others.


Authentication tests

Login error messages, sending and receiving login/personal information, etc.


Login/Problems related to roles

Increased privileges (privilege escalation), access to unauthorized information, etc.


Session Management

Session fixation, Cross-Site Request Forgery (CSRF), etc.


Common vulnerabilities

The presence or absence of default content such as sample programs, etc.

Mobile/smartphone penetration testing reviews the level of security vulnerability in a mobile application (Android/iOS). Mobile app penetration tests can also include tests for web APIs.

  • Reports are easy to understand
  • Full support until retest
  • Testing performed by CEH certified specialists
  • API testing
  • Android & iOS



We perform security tests on the following Web Apps/Systems

HR Application

E-Learning Application

PWA

E-Auction Application

Inspection Application

E-Commerce Application



Main items to be tested

Improper platform usage

Testing for abuse of platform features or failure to use platform security controls.


Insecure data storage

Areas to be checked include SQL databases, log files, XML data stores or manifest files, binary data stores, cookie stores, SD cards, and synced cloud storage.


Insecure communication

Checking the application's request and response traffic.


Insecure authentication

Applications can suffer from insecure authentication, so testing of Hidden Service Requests & Interface Reliance will be performed.


Insufficient cryptography

Testing for vulnerabilities in mobile apps that leverage encryption.


Insecure authorization

The penetration tester will test for poor authorization schemes, for example by performing binary attacks on mobile apps and trying to run privileged functionality that should only be available to users with higher privileges.


Client code quality/client side Injection

The pentester will test for code quality issues, which are quite prevalent in most mobile code.


Code Tampering

The pentester will test for code misuse vulnerabilities that allow hackers to change the environment in which the code runs.


Reverse Engineering

Hackers can perform a final core binary analysis in order to determine the original string tables, source code, libraries, algorithms, and resources embedded within the application. The pentester will then perform String Table Analysis, Cross-Functional Analysis, and Source Code Analysis.


Extraneous Functionality

Hackers can exploit hidden functionality within the backend system to carry out attacks. The pentester will run the Administrative Endpoint Exposed & Debug Flag in Configuration File scenarios.



LOGIQUE ASSESSMENT FLOW




LOGIQUE Works

| Time | Industry | Object of Assessment | Found Problems (Risk Level): High | Middle | Low |
|---|---|---|---|---|---|
| Sep - Oct 2019 | Travel | Web app | 5 | 4 | 2 |
| Sep - Oct 2019 | Media | Online Media | 8 | 0 | 3 |
| Sep - Oct 2019 | Entertainment | Network infrastructure | 4 | 2 | 1 |
| Sep - Oct 2019 | E-commerce | Market Place Web | 8 | 4 | 4 |
| Oct 2019 | E-commerce | PWA | 4 | 3 | 0 |
| Oct - Nov 2019 | Forwarding | Website company profile | 5 | 5 | 3 |
| Oct - Nov 2019 | E-commerce | Web app | 6 | 0 | 2 |
| Oct - Nov 2019 | E-commerce | Web app | 2 | 2 | 1 |
| Oct - Dec 2019 | E-commerce | Web app | 53 | 1 | 0 |
| Nov - Dec 2019 | E-commerce | Mobile app for Android | 2 | 2 | 2 |
| Nov - Dec 2019 | E-commerce | E-commerce | 3 | 2 | 2 |
| Nov - Dec 2019 | E-commerce | E-commerce | 2 | 2 | 1 |
| Nov 2019 | Fintech | Web app | 1 | 2 | 3 |
| Nov 2019 | Fintech | Mobile app for iOS and Android | 2 | 4 | 2 |
| Dec 2019 | Finance | Corporate Web | 2 | 1 | 4 |
| Dec 2019 | Automotive | Corporate Web | 4 | 0 | 2 |
| Dec 2019 | Service | Member web | 3 | 4 | 3 |

| Time | Industry | Object of Assessment | Found Problems (Risk Level): High | Middle | Low |
|---|---|---|---|---|---|
| Jan 2020 | Fintech | Web App | 0 | 2 | 0 |
| Jan 2020 | Fintech | Mobile App | 1 | 8 | 1 |
| Jan 2020 | Fintech | Network Infrastructure | 0 | 3 | 0 |
| Feb 2020 | Automotive | Network Infrastructure | 0 | 0 | 1 |
| Feb 2020 | Service | Web App | 0 | 4 | 1 |
| Feb 2020 | Mobilephone Provider | Web App | 1 | 10 | 2 |
| Mar 2020 | Airline | Web App | 0 | 4 | 1 |
| Mar 2020 | Financial Planner | Web App | 4 | 1 | 2 |
| Mar 2020 | Travel | Web App | 5 | 4 | 2 |
| Apr 2020 | Service | Network Infrastructure | 0 | 1 | 2 |
| Apr 2020 | Service | Web App | 0 | 1 | 3 |
| May 2020 | Insurance | Web App | 4 | 4 | 1 |
| May 2020 | Insurance | Network Infrastructure | 0 | 2 | 3 |
| Jun 2020 | Pharmacies | Web App | 0 | 2 | 0 |
| Jun 2020 | Fintech | Web App | 5 | 0 | 0 |
| Sep 2020 | Fintech | Web App | 0 | 4 | 2 |
| Oct 2020 | Agriculture | Network Infrastructure | 0 | 5 | 1 |

| Time | Industry | Object of Assessment | Found Problems (Risk Level): High | Middle | Low |
|---|---|---|---|---|---|
| Jan 2021 | Automotive | Website | 1 | 2 | 0 |
| Jan 2021 | Financial | Corporate Web | 0 | 4 | 2 |
| Feb 2021 | Automotive | Internal Web System | 0 | 4 | 2 |
| Feb 2021 | Retail Business | Mobile App | 0 | 2 | 3 |
| Feb 2021 | E-Learning | Web App | 0 | 5 | 8 |
| Jun 2021 | Insurance | Web App | 0 | 4 | 4 |
| Sep 2021 | E-commerce | Web App | 3 | 2 | 8 |
| Sep 2021 | Public Institution | Web System | 1 | 0 | 5 |
| Oct 2021 | Research Company | Website | 2 | 1 | 3 |
| Nov 2021 | Food Producer | Web App | 0 | 4 | 3 |
| Nov 2021 | Manufacture | Corporate Web | 0 | 3 | 4 |

| Time | Industry | Object of Assessment | Found Problems (Risk Level): High | Middle | Low |
|---|---|---|---|---|---|
| Jan 2022 | Marketing Agency | Corporate Web | 0 | 2 | 1 |
| Jan 2022 | Online media | Web app | 2 | 2 | 3 |
| Jan 2022 | Medical Startup | Web App | 0 | 2 | 7 |
| Feb 2022 | Manufacture | Mobile App | 3 | 1 | 4 |
| Mar 2022 | Automotive | Service Web | 0 | 2 | 2 |
| Mar 2022 | Marketing Agency | Web App | 3 | 3 | 5 |
| Apr 2022 | Service | Mobile App | 1 | 2 | 4 |
| May 2022 | Sier | Corporate Web | 2 | 0 | 2 |
| Jun 2022 | Insurance | Mobile App | 1 | 2 | 4 |
| Jun 2022 | Fintech Startup | Mobile App | 1 | 5 | 3 |
| Jun 2022 | Food Manufacture | Web system | 1 | 2 | 1 |
| Jun 2022 | Public Institution | Web system | 2 | 4 | 4 |
| Jun 2022 | HR Agency | Web App | 0 | 4 | 4 |

Our clients

The following shows a partial list of companies that have entrusted LOGIQUE Digital Indonesia with their penetration testing process:

Alo dokter
assa
migo
indokoala
ptgasi
softorb
yamaha
pacto
PUPR




Sample Report

We set 3 Levels of Security Risk

In providing this service, we deliver reports in a format that is easy to understand. Cyber security vulnerabilities are classified into 3 levels, namely High Risk (high), Medium Risk (medium), and Low Risk (low). The risk level refers to the overall impact the vulnerability can potentially have on the business, whether in terms of your business’ economy or reputation, or in regards to the possibility that the impact could arise in the near future.

3 Levels of Security Risk

High Risk

If any high-risk vulnerabilities are revealed, this can cause dire consequences in the form of reputational damage and financial losses, and thereby contribute to critically serious damage to your business’ continuity.

Examples of these vulnerabilities include: SQL Injection, Remote Code Execution, RFI/LFI, Broken Access Control, Hard Coded Sensitive Data, Subdomain Takeover, bypassable OTP verification process, etc.

Middle Risk

Moderate-risk vulnerabilities can have a devastating impact on your business, but will not commonly cause fatal repercussions for the company overall.

Examples of these vulnerabilities can include: sensitive information disclosure, open redirect, no rate limit, improper error handling, directory listing enabled, etc.

Low Risk

These include security vulnerabilities that could cause a minor impact on the targeted system.

Examples of vulnerability findings: unsecured cookie attributes and HttpOnly, leaked web server technology, information disclosure – ASP.NET Debug method enabled, misconfigured cross-origin resource sharing (CORS), weak password policy, etc.




FAQ

  • What certificates does LOGIQUE's security team hold?

    The entire LOGIQUE security team is certified as CEH (Certified Ethical Hacker) and CSCU (Certified Secure Computer User) by EC-Council.

  • When testing one’s digital systems, what standards are implemented by LOGIQUE’s security team?

    The standard applied by the LOGIQUE security team is based on OWASP (Open Web Application Security Project).

  • How much do LOGIQUE's security system testing services cost?

    For testing a specific system, from the initial stage (preparation) through the testing stage (assessment) to the reporting stage (reporting), LOGIQUE offers prices starting from Rp. 15 million, depending on the type of application or system to be reviewed. To learn more, you can contact us directly by email at info@logique.co.id, by telephone at (021) 227 089 35/36, or via WhatsApp message at 0811-870-321.

  • When conducting tests, does the LOGIQUE security team only rely on automated tools?

    No, we only use automated tools when scanning. Meanwhile, for penetration testing, the LOGIQUE security team uses a manual method during the testing process.

  • How long does it take for the LOGIQUE team to test the system?

    The time needed to test the system depends on the scope. However, it generally takes 1 week.

  • Why is it necessary to do a pentest on a system?

    By doing a pentest, you will get an idea of how strong your system's defenses are in the face of cybercrime and various other intrusions.

  • What is needed before doing a pentest?

    Before testing the system, the client only needs to explain the system processes that occur. You can also submit other supporting data if needed.

  • What is the difference between a VA test and a Pentest?

    VA tests rely on automated tools to scan for the more obvious vulnerabilities; these tools are often rudimentary in nature, which prevents such methods from conducting a thorough inspection.

  • What is the difference between whitebox and blackbox?

    In whitebox testing, the pentester gets full access to the tested system and can perform static analysis of various things, such as code, architecture, and others. In blackbox testing, the pentester plays the role of a hacker who attacks from outside and tries to enter the system using the minimum possible initial information.