LOGIQUE specializes in penetration testing on web/mobile applications, or websites that can accurately help find and report vulnerabilities in the system.
LOGIQUE can also work with partners. We have to conduct security testing in several other areas such as networks, cloud servers, or human risks, however, Logique's IT security team will still fully handle the penetration testing process on your company's website and applications.
High Quality
The CEH-certified IT security team will be directly involved, so the process of security testing and vulnerability reporting will be carried out with high professionalism. So far, logique clients have asked us to perform tests on the system/web/application at regular intervals.
Competitive Pricef
We offer penetration testing services at very competitive prices when compared to other companies. Given the high number of total losses potentially caused by cyber security break ins, of course this service (penetration testing services) can be a cost-effective investment as a preventive measure.
Fast Delivery Process
We may submit security vulnerability assessment reports within a maximum period of 1 week. That said, clients will generally take longer to review reports or fix vulnerabilities found.
Infrastructure penetration testing is carried out in order to identify any existing security vulnerabilities in regards to critical network infrastructure within the company. The scope of this penetration test is limited to testing servers, routers, workstations, and the cloud. The testing process can also be done remotely or on-site.
Reports are easy to understand
Full support until retest
Testing performed by CEH certified specialists
Testing is done on site or remotely via VPN
Testing Server/Router/Workstation/Cloud
Server
Router
Workstation
Cloud
IPV4/IPV6 SCANNING, OSINT
HACKING DATABASE SERVERS
CONTAINER BREAKOUT
AD EXPLOITATION
LINUX EXPLOITATION
Techniques (Win 10)
VPN EXPLOITATION
VOIP ATTACK
VLAN ATTACKS
CLOUD HACKING
An IT system / web application usually comes with a variety of important data, making a data leakage critically undesirable. Logique’s penetration testing services will overcome this, our IT security experts will determine the scope of the test and conduct a comprehensive assessment. To fix the vulnerability, LOGIQUE can also properly introduce you to an IT development company that can handle it.
Reports are easy to understand
Full support until retest
Testing performed by CEH certified specialists
API testing
Comprehensive testing (Web App/Web System)
CRM
HRS
Customer management system (CRM)
Auction management system
Point management system
Sign-in/outbound test
Cross-site scripting, SQL injection, command injection, Guidance to phishing sites, tampering parameters, and others.
Authentication tests
Login error messages, sending and receiving login/personal information, etc.
Login/ Problems related to roles
Increased privileges (privilege escalation), access to unauthorized information, etc.
Session Management
Session fixation, Cross-Site Request Forgery (CSRF), etc.
Common vulnerabilities
The presence or absence of default content such as sample programs, etc.
Mobile/smartphone penetration testing serves to review the mobile app’s level of security vulnerability in a mobile application (Android/iOS). Mobile app penetration tests can also include tests for web APIs.
Reports are easy to understand
Full support until retest
Testing performed by CEH certified specialists
API testing
Android & iOS
HR Application
E-Learning Application
PWA
E-Auction Application
Inspection Application
E-Commerce Application
Improper platform usage
Testing for abuse of platform features or failure to use platform security controls..
Insecure data storage
Areas to be checked include SQL databases, Log files, XML data stores or manifest files, Binary data stores, Cookie stores, SD cards, synced Cloud.
Insecure communication
Checking the application's request response traffic.
Insecure authentication
Applications can experience insecure authentication so testing of Hidden Service Requests & Interface Reliance will be necessarily performed..
Insufficient cryptography
Insufficient Cryptography testing for vulnerabilities of mobile apps leveraging encryption
Insecure authorization
The penetration tester will test for poor authorization schemes such as performing binary attacks on mobile apps and trying to run privileged functionality that should only be able to run with users who are supposed to have higher privileges.
Client code quality/client side Injection
The pentester will test for code quality issues that are quite prevalent in most mobile codes.
Code Tampering
The pentester will test for code misuse vulnerabilities that allow hackers to change the environment in which the code runs.
Reverse Engineering
Hackers can perform a final core binary analysis in order to determine their original string tables, source code, libraries, algorithms, and resources embedded within the application. The pentester will then perform String Table Analysis, Cross-Functional Analysis, and Source Code Analysis
Hackers can exploit hidden functionalities within the backend system so as to carry out any attacks. The pentester will run the Administrative Endpoint Exposed &Debug Flag in Configuration File scenario.
LOGIQUE Digital Indonesia Upholds World-Class Standards Regarding its Pentest Services.
In carrying out the penetration testing (pentest) process, Logique is supported by a team of experienced Pentesters who hold ceh (Certified Ethical Hacker) and CSCU (Certified Secure Computer User) certifications from the EC-Council, so there is no need to doubt our capabilities.
Why Is It Necessary To Conduct Penetration Testing On Your Systems?
By conducting the penetration testing (pentest) process, the overall strength of your own website will be revealed. Any applications or network defense systems you have installed can therefore test their effectiveness against instances of cybercrime as well as various other disturbances.
Cyber security is a feature that needs to be consistently improved, especially if you have a business that applies the use of digital media. Cyberattacks already present the biggest threat to any company. A study conducted at the University of Maryland states that hacker attacks occur every 39 seconds on average.
Do not delay in aiming to improve the overall security of your Website & Applications in order to avoid the ever-increasing risk of cyberattacks.
Logique Digital Indonesia has experienced testers specifically trained in finding security loopholes present in a wide variety of websites and applications. In carrying out these necessary security tests, Logique Digital Indonesia’s professional team of pentesters will always apply a certain level of operational standards used internationally, by all pentesters around the world. If needed, Logique Digital Indonesia can also conduct penetration tests on the spot, where the IT security team will come to the company and conduct tests directly.
The entire security team at Logique also possesses certificates; their capabilities are unquestionable. Here are the various certifications we have:
Time | Industry | Object of Assesment | Found Problems (Risk Level) | ||
---|---|---|---|---|---|
High | Middle | Low | |||
Sep - Oct 2019 | Travel | Web app | 5 | 4 | 2 |
Sep - Oct 2019 | Media | Online Media | 8 | 0 | 3 |
Sep - Oct 2019 | Entrainment | Network infrastructure | 4 | 2 | 1 |
Sep - Oct 2019 | E-commerce | Market Place Web | 8 | 4 | 4 |
Oct 2019 | E-commerce | PWA | 4 | 3 | 0 |
Oct - Nov 2019 | Forwarding | Website company profile | 5 | 5 | 3 |
Oct - Nov 2019 | E-commerce | Web app | 6 | 0 | 2 |
Oct - Nov 2019 | E-commerce | Web app | 2 | 2 | 1 |
Oct - Dec 2019 | E-commerce | Web app | 53 | 1 | 0 |
Nov - Dec 2019 | E-commerce | Mobile app for Android | 2 | 2 | 2 |
Nov - Dec 2019 | E-commerce | E-commerce | 3 | 2 | 2 |
Nov - Dec 2019 | E-commerce | E-commerce | 2 | 2 | 1 |
Nov 2019 | Fintech | Web app | 1 | 2 | 3 |
Nov 2019 | Fintech | Mobile app for IOS and Android | 2 | 4 | 2 |
Dec 2019 | Finance | Corporate Web | 2 | 1 | 4 |
Dec 2019 | Automotive | Corporate Web | 4 | 0 | 2 |
Dec 2019 | Service | Member web | 3 | 4 | 3 |
Time | Industry | Object of Assesment | Found Problems (Risk Level) | ||
---|---|---|---|---|---|
High | Middle | Low | |||
Jan 2020 | Fintech | Web App | 0 | 2 | 0 |
Jan 2020 | Fintech | Mobile App | 1 | 8 | 1 |
Jan 2020 | Fintech | Network Infrastructure | 0 | 3 | 0 |
Feb 2020 | Automotive | Network Infrastructure | 0 | 0 | 1 |
Feb 2020 | Service | Web App | 0 | 4 | 1 |
Feb 2020 | Mobilephone Provider | Web App | 1 | 10 | 2 |
Mar 2020 | Airline | Web App | 0 | 4 | 1 |
Mar 2020 | Financial Planner | Web App | 4 | 1 | 2 |
Mar 2020 | Travel | Web App | 5 | 4 | 2 |
Apr 2020 | Service | Network Infrastructure | 0 | 1 | 2 |
Apr 2020 | Service | Web App | 0 | 1 | 3 |
May 2020 | Insurance | Web App | 4 | 4 | 1 |
May 2020 | Insurance | Network Infrastructure | 0 | 2 | 3 |
Jun 2020 | Pharmacies | Web App | 0 | 2 | 0 |
Jun 2020 | Fintech | Web App | 5 | 0 | 0 |
Sep 2020 | Fintech | Web App | 0 | 4 | 2 |
Oct 2020 | Agriculture | Network Infrastructure | 0 | 5 | 1 |
Time | Industry | Object of Assesment | Found Problems (Risk Level) | ||
---|---|---|---|---|---|
High | Middle | Low | |||
Jan 2021 | Automotive | Website | 1 | 2 | 0 |
Jan 2021 | Financial | Corporate Web | 0 | 4 | 2 |
Feb 2021 | Automotive | Internal Web System | 0 | 4 | 2 |
Feb 2021 | Retail Business | Mobile App | 0 | 2 | 3 |
Feb 2021 | E-Learning | Web App | 0 | 5 | 8 |
Jun 2021 | Insurance | Web App | 0 | 4 | 4 |
Sep 2021 | E-commerce | Web App | 3 | 2 | 8 |
Sep 2021 | Public Institution | Web System | 1 | 0 | 5 |
Oct 2021 | Research Company | Website | 2 | 1 | 3 |
Nov 2021 | Food Porducer | Web App | 0 | 4 | 3 |
Nov 2021 | Manufacture | Corporate Web | 0 | 3 | 4 |
Time | Industry | Object of Assesment | Found Problems (Risk Level) | ||
---|---|---|---|---|---|
High | Middle | Low | |||
Jan 2022 | Marketing Agency | Corporate Web | 0 | 2 | 1 |
Jan 2022 | Online media | Web app | 2 | 2 | 3 |
Jan 2022 | Medical Startup | Web App | 0 | 2 | 7 |
Feb 2022 | Manufacture | Mobile App | 3 | 1 | 4 |
Mar 2022 | Automotive | Service Web | 0 | 2 | 2 |
Mar 2022 | Marketing Agency | Web App | 3 | 3 | 5 |
Apr 2022 | Service | Mobile App | 1 | 2 | 4 |
May 2022 | Sier | Corporate Web | 2 | 0 | 2 |
Jun 2022 | Insurance | Mobile App | 1 | 2 | 4 |
Jun 2022 | Fintech Startup | Mobile App | 1 | 5 | 3 |
Jun 2022 | Food Manufacture | Web system | 1 | 2 | 1 |
Jun 2022 | Public Institution | Web system | 2 | 4 | 4 |
Jun 2022 | HR Agency | Web App | 0 | 4 | 4 |
Jul 2022 | Automotive | Website | 0 | 3 | 3 |
Jul 2022 | Retail | Website | 0 | 2 | 5 |
Jul 2022 | Manufacturer | Network | 0 | 2 | 2 |
Aug 2022 | Fintech Startup | Mobile App | 1 | 1 | 4 |
Aug 2022 | Travel | Web App | 2 | 2 | 3 |
Sep 2022 | E-Commerce | Web App | 4 | 1 | 4 |
Sep 2022 | E-Commerce | Network Infrastructure | 2 | 1 | 1 |
Oct 2022 | Online media | Web App | 1 | 4 | 1 |
Oct 2022 | E-Commerce | Mobile App | 1 | 2 | 2 |
Oct 2022 | Manufacturer | Network Infrastructure | 1 | 0 | 1 |
Nov 2022 | Financial | Website | 0 | 2 | 2 |
Nov 2022 | Medical | Website | 1 | 4 | 4 |
Nov 2022 | Manufacturer | IT System | 6 | 8 | 12 |
Dec 2022 | E-Commerce | Mobile App | 2 | 2 | 3 |
Dec 2022 | IT Service | Website | 1 | 2 | 4 |
Time | Industry | Object of Assesment | Found Problems (Risk Level) | ||
---|---|---|---|---|---|
High | Middle | Low | |||
Jan 2023 | Financial | Website | 1 | 3 | 3 |
Jan 2023 | Financial | API | 1 | 1 | 1 |
Jan 2023 | Fintech Startup | Network Infrastructure | 0 | 2 | 2 |
Jan 2023 | Insurance | Web App | 1 | 5 | 2 |
Feb 2023 | Traiding | Network Infrastructure | 2 | 3 | 4 |
Feb 2023 | Traiding | IT System | 8 | 17 | 10 |
Feb 2023 | Food | Web App | 2 | 2 | 3 |
Feb 2023 | Food | API | 1 | 1 | 4 |
Feb 2023 | IT Service | Website | 1 | 4 | 1 |
Mar 2023 | Service | Web App | 2 | 1 | 6 |
Mar 2023 | BPO | Network Infrastructure | 2 | 5 | 7 |
Mar 2023 | Real Estate | Website | 1 | 3 | 3 |
Mar 2023 | Real Estate | API | 0 | 1 | 2 |
Mar 2023 | Service | Website | 0 | 2 | 3 |
Apr 2023 | Saas | Web App | 2 | 6 | 4 |
Apr 2023 | Consulting | Website | 1 | 4 | 2 |
Apr 2023 | Transportation | IT System | 5 | 4 | 11 |
Apr 2023 | IT Service | Mobile App | 1 | 3 | 3 |
Apr 2023 | IT Service | Web App | 1 | 2 | 4 |
Jun 2023 | Public Sector | Website | 1 | 1 | 3 |
Jun 2023 | Market Place | Web App | 4 | 3 | 8 |
Jun 2023 | Financial | Mobile App | 1 | 6 | 4 |
Jul 2023 | Automotive | Website | 3 | 2 | 8 |
Jul 2023 | Automotive | Mobile App | 5 | 5 | 8 |
Jul 2023 | Financial | Network Infrastructure | 0 | 2 | 2 |
Jul 2023 | IT Service | Website | 0 | 1 | 3 |
Jul 2023 | Real Estate | Mobile App | 4 | 8 | 8 |
Aug 2023 | Online Platform | Web App | 5 | 7 | 8 |
Aug 2023 | Fintech Startup | Mobile App | 1 | 4 | 3 |
Aug 2023 | Automotive | IT System | 2 | 4 | 5 |
Aug 2023 | Real Estate | Website | 1 | 3 | 4 |
The following shows a partial list of companies that have entrusted LOGIQUE Digital Indonesia with their penetration testing process:
In providing this service, we will offer reports within a format that is easy to understand. The assessment of cyber security vulnerabilities will also be classified into 3 levels, namely High Risk (high), Medium Risk (medium), and Low Risk (low). The level of existing security risk will thereby refer to the overall impact it can potentially have on the business, either in terms of your business’ economy, reputation, or in regards to the possibility that the impact could arise in the near future.
3 Levels of Security Risk | |
---|---|
High Risk |
If any high-risk vulnerabilities are revealed, this can cause dire consequences in the form of reputational damage, financial losses and thereby contribute to critically serious damage on your business’ continuity.
Examples of these vulnerabilities include: SQL Injection, Remote Code Execution, RFI/LFI, Broken Access Control, Hard Coded Sensitive Data, Subdomain Takeover, bypassable OTP verification process, etc. |
Middle Risk |
Moderate-risk vulnerabilities can have a devastating impact on your business, but will not commonly cause fatal repercussions for the company overall.
Examples of these vulnerabilities can include: Sensitive information disclosure, open redirect, no rate limit, improper error handling, directory listing is enabled, etc. |
Low Risk |
These include security vulnerabilities that could cause a minor impact on the targeted system.
Examples of vulnerability findings: Unsecured cookie attributes and HttpOnly, leaked web server technology, information disclosure – ASP.NET Debug method Enabled, misconfigured cross origin resource sharing (CORS), weak password policy, etc. |
The entire LOGIQUE security team has been CERTIFIED CEH (Certified Ethical Hacker) and CSCU (Certified Secure Computer User) from EC-Coucil.
The standard applied by the LOGIQUE security team is based on OWASP (Open Web Application Security Project).
When testing any specific system, starting from the initial stage (preparation), testing stage (assessment) to the reporting stage (reporting), LOGIQUE offers prices starting from Rp. 15 million, depending on the type of application or system to be reviewed. In order to learn more, you can directly contact us by email to info@logique.co.id or at the telephone number (021) 227 089 35/36 or via WhatsApp message at 0811-870-321.
No, we only use automated tools when scanning. Meanwhile, for penetration testing, the LOGIQUE security team uses a manual method during the testing process.
In testing the system, it depends on the scope. However, it generally takes 1 week.
By doing a pentest, you will get an idea of how strong your system's defenses are in the face of cybercrime and various other intrusions.
Before testing the system, the client only needs to explain the system processes that occur. You can also submit other supporting data if needed.
Vulnerability Assessment test or VA test rely on automated tools in order to scan the more obvious vulnerabilities; often these tools are rudimentary in nature, thereby disallowing such methods from conducting a thorough inspection.
In whitebox testing, the pentester will get full access to the tested system so that it can perform static analysis of various things, such as code, architecture analysis and others. As for the blackbox, the pentester will play a role like a hacker who will attack from outside and try to enter the system using the minimum possible initial information.
Please contact LOGIQUE for more information about Penetration Testing Service