Iterasec

Client Innocode develops a digital media and publishing solution for newspapers and local communities.   Goals Innocode engaged Iterasec in a holistic security review of the solution: – Several customer-facing applications– Mobile Apps– API/Backend– Cloud and container security audit Solution and results Before starting the pentest, Iterasec wanted to perform a joint threat modeling exercise. First, Iterasec performed an introductory workshop for the product team, explaining the methodology and basics of threat modeling. Later, after preparing a DFD diagram, Iterasec facilitated two threat modeling sessions with the team.   Going forward, Iterasec started with application security testing of the web and mobile applications and API interfaces. The tests followed OWASP ASVS/MASVS but also focused on finding non-obvious vulnerabilities and chaining them into potentially efficient attacks.  Next, Iterasec performed a Google Cloud Platform and Kubernetes security audits, mainly relying on CIS Benchmark tools and manual findings analysis.  All the findings were summarised in the final pentest report along with the recommendations.  Iterasec supported the team in fixing security issues and ensured security fixes were applied correctly.  The team consisted of 1 Senior Security Consultant, 2 Pentesters and 1 Delivery Manager.

Client Securrency is a fintech company that provides an infrastructure for digital assets markets. The company engaged Iterasec to perform security testing of the different product components.  Cooperation We’ve been working with Securrency for over 3 years now. Initially started with web application penetration testing, Iterasec was also involved in the security of mobile Apps. Iterasec also performed a series of smaller API pentest, allowing the team to build and deploy its product iteratively, ensuring it is secure at each product development leap.

Client Open Social is a company that builds community software for leading organizations like the United Nations, Greenpeace International and the European Commission.   Cooperation Open Social reached out to Iterasec in 2021 requesting to build ISO 27001 certification. The first project, Guided ISO 27001 implementation, took about a year and the company successfully passed the certification.  After that, we’ve been working on several other projects, including the pentest of the Open Social Drupal-based product, performing security code reviews, incident management consulting, information security training, etc.  Iterasec remains a trusted cybersecurity partner for Open Social, providing on-the-spot cybersecurity services. For a small company such as Open Social, this is much more efficient as compared to retaining its own cybersecurity team.

Client Lemberg Solutions is an IoT and Software development company. With more than 200 employees, it develops complex IoT solutions for healthcare, automotive, smart consumer devices and many other industries. Overview In 2020, the company initially reached out to us for consultancy services in implementing the ISMS and ISO 27001 certification. Going forward, many more projects followed, both for Lemberg Solutions (ISO 9001, ISO 13485, internal penetration tests) and well for their clients (security penetration tests of the various customers’ software products).   Cooperation Iterasec started with building efficient ISMS in the company that both fulfils ISO 27001 and at the same time is lightweight and efficient in practice. After a year of active preparation using our Guided Compliance Implementation services, Lemberg Solutions became ISO 27001 and ISO 9001 certified. After the first successful project, Iterasec integrated with Lemberg Solutions even more closely. At the moment Iterasec provides a number of services: – Supporting ISMS and acting as Virtual CISO– On-demand compliance support (such as GDPR issues)– Application Security: integration in several client development projects, pentests, secure development lifecycle, DevSecOps– Providing various security training to the engineering and data science teamsResultThe company can focus more on clients and engineering expertise. By closely integrating with the company, Iterasec provides all the benefits of the in-house security team while costing much less both in terms of money and operational efforts. With more than three years of a successful partnership.