News of H-X
2 April 2020
We have developed a unique VDA ISA and TISAX Compliance Assessment Online Wizard. Check within 30 minutes for free to what extent your company complies with VDA ISA and TISAX, and also how much time you need to achieve full compliance and certification.
23 March 2020
In connection with the COVID-19 pandemic, many companies have switched to the remote workforce. Some have already had such experience, but many are facing it for the first time. Our clients have asked us to help with official and trustworthy recommendations on the security of remote work at home. We have been given the task, on the one hand, not to overload the readers with the excess of information. On the other hand, we should, in an unobtrusive and easy way, focus on the most important risks, settings and security rules that are relevant today. As the source of information, we have selected the latest recommendations of the SANS Institute, which is well-known in information security, and our relevant 15-year experience in corporate security management. Feeling social responsibility in this difficult time, we are pleased to share with you our short guide on the information security of working at home. Feel free to contact us for any consultations and security services.
16 March 2020
A crisis always brings new opportunities. Our customers, for whom we implement international security standards, do not suffer from crises, the coronavirus pandemic and force majeure. Now is the time to test your business continuity plans (BCP, Business Continuity Plan) as part of an overall business continuity management strategy (BCM, Business Continuity Management). Of course, elements of an information security management system should be integrated into BCM. In terms of ISO 27001 and the like, this is ISMS (Information Security Management System), and in terms of the ISA 62443 industrial security standards and the like, it is CSMS (Cybersecurity Management System). Many of our customers these days begin real-life testing of their BCP, switching to remote work, checking backups, restoring and taking other measures. If you want your business to work stably and without interruptions, please contact us.
27 February 2020
We have a new branch office in Zaporozhye! Visit us at 9, Minskaya Street, office 100.
24 January 2020
We have received a new review from our client at a reputable reference portal Clutch.co where our services still have the highest rating of 5.0.
31 December 2019
Dear visitors and users of our resources!
Thank you for your interaction and cooperation with us in 2019!
We were pleased to provide you with our free and paid information security services: assessing the security of your sites, applications and organizations, pentesting them, implementing ISO 27001 and other security standards, helping you get official security certificates, providing security education, etc.
In 2019, we created and strengthened several service areas. First of all, this year for us was the year of the TISAX automotive information security standard. We promptly responded to the requirements of the German automotive industry, helped several companies obtain the TISAX certification, and as a result became the TISAX leader in Eastern Europe.
We also developed the following areas and models of security services:
- teaching various information security topics for users, software developers, and cybersecurity specialists;
- security services for industrial IT and OT;
- security analysis of software source code, compliance audit for ASVS standard and other application security services;
- audit of smart contracts;
- security incident response, investigations and other SOC (Security Operations Center) services.
Today, our customers and partners are located in Ukraine, USA, Germany, Switzerland, Austria, Denmark, Sweden, Norway, Estonia, Kazakhstan, and other countries. We are actively developing our partner network, as well as new areas and models of our services, and will be happy to offer them to you in 2020.
Happy New Year and happy holidays!
H-X Technologies Team
22 December 2019
We continue to develop smart contract audit services. This year, we have completed several successful projects in this area. We can successfully find the following problems in smart contracts:
- Inconsistencies between the specification and the implementation
- Flawed design, logic, or access control
- Arithmetic overflow operations (integer overflow and underflow)
- Reentrancy attacks, code injection attacks, and Denial of Service attacks
- Exceeded limits on bytecode and gas usage
- Miner attacks on timestamp and ordering, transaction-ordering dependence (TOD)
- Race conditions and other known attacks and access control violations
11 November 2019
Our company has been among the first who have completed a large project with deep security assessment and compliance with the new standard OWASP ASVS 4.0 on application security verification. The target of the analysis was a highly loaded system, with up to 100 thousand simultaneous users. As a result of the project, our customer’s system received a level 2 verification according to the standard.
23 October 2019
We have completed an important project on information security assessment and compliance for the largest investment and construction holding company in Kazakhstan, BI Group. The client was satisfied with our services, and we have proudly posted their feedback and logo on our business case page.
21 October 2019
The business case page of our website has been updated with a new section, Information Security Incident Response and Investigation Cases. We have described an interesting case about how we participated in the response to the incident "Hacker attack on the government of an Eastern European country" and its investigation.
15 October 2019
10 October 2019
We have developed and published a unique ISO 27001 conformity assessment wizard.
30 September 2019
We will be at Europe's largest annual security exhibition, it-sa 2019, in Nuremberg, Germany, on October 9th. If you were looking for a reason to meet, you are welcome.
2 September 2019
- at a medical software company
- at a company developing automotive systems
31 July 2019
It's time to check how secure your website is!
We have significantly improved our free security assessment service. Now, the scanning of your website vulnerabilities in normal mode is performed much faster and deeper, and the reports are much better, more useful and convenient. Furthermore, the reports are now stored on our server longer. We are pleased to present to you the results of our work, which took several months.
More about what has changed:
- Taking into account the wishes of our customers from Europe, to reduce cross-border traffic, we have migrated our server to Germany, to one of the most reliable hosting providers. This migration has significantly increased our computing resources, performance, and reliability.
- Several scan engines have been replaced by other, better ones. In particular, we have deployed OWASP ZAP (also known as Zed Attack Proxy, zaproxy). This engine contains many flexible plug-ins and changeable settings. For many years, it has been the de facto standard for scanning website vulnerabilities with open-source tools.
- Improved Executive Summary of the report. Added vulnerability diagram and a summary table with hyperlinks to the details for each vulnerability.
- The information about vulnerabilities is now structured better. All vulnerabilities are now classified by severity. Based on how certain is the information about the vulnerabilities and how frequently they are encountered at the tested website, our service evaluates the weighted risk of each vulnerability and appropriately sorts the list of vulnerabilities by risk.
- Improved description of each vulnerability. A large number of details, the information about each vulnerability instance, evidence, recommendations on how to eliminate the vulnerabilities and reduce risks, links to descriptions of the vulnerabilities in popular open databases of vulnerabilities, and so on, are given.
- For each vulnerability, the user can make and store directly in the report their decision on the manual verification of the vulnerability: if it was confirmed or refuted, as well as write their comment. The text of the comment for each vulnerability of each web site is preserved for all scan sessions of this site.
- We have increased the time we keep your scanning reports on our server from 14 days to 3 months.
Want to provide this service to your users or customers? Since our scanning service has retained its scalable architecture, we are ready to provide our partners with a front-end scanner including the API documentation. When your clients send a request to your server, it will be automatically redirected to us. Then we will scan the vulnerabilities and send the results back to your server, which will forward them to your clients. Write to us to request such a service.
12 June 2019
We have two big pieces of news at once. We have introduced our two new services: 1) Continuous Protection of Websites including Security Hardening, Monitoring and Security Incident Response, 2) automated and manual Security Analysis of Software Source Code.
8 June 2019
Our security training programs have been updated. Now we provide security training for IT specialists and software developers in the following areas:
- IT and InfoSec management
- Secure Software Development Basics and OWASP
- Secure Software Development Lifecycle for PHP developers
- Secure Software Development Training for Android and iOS Technology Stack
- Backend Security
- Other web application security technologies
- Malware analysis
- Penetration testing
18 May 2019
We have updated our partnership offers. Now we also have special offers for IT and InfoSec distributors and integrators, insurance companies, law firms, IT and InfoSec consulting, outsourcing and recruiting companies.
4 May 2019
2 May 2019
We have many longstanding, friendly relationships in German industry, where we have completed several security assessment projects, pentests, and implementations of security standards. We have recently completed another successful implementation project for a German company operating in the automotive industry. The goal of the project was to perform an information security assessment (ISA) according to VDA standards (Verband der Automobilindustrie, Association of the Automotive Industry) and to implement TISAX (Trusted Information Security Assessment Exchange).
8 April 2019
We are hiring! Learn more about our vacancies for security managers, Security DevOps, and penetration testers.
30 March 2019
According to numerous customer requests, we are introducing a new service — Licensed Scan. The licensed vulnerability scanning is significantly cheaper than the simplest Express Pentest, but it gives much more useful results than our automated free vulnerability scan service.
29 March 2019
We are at the NoNameCon 2019 conference from 17 to 18 May. If you were looking for a reason to meet, join us at this large and interesting specialized cybersecurity platform in Kiev.
6 March 2019
We got more positive feedback from two of our customers: about the security assessment of network infrastructure and compliance with international and industry information security standards. Read more about penetration tests and check your protection.
4 March 2019
We have introduced the Cyber Security Team Extension Service. Add cybersecurity experience to your short-term or long-term projects by hiring our certified information security specialists! Outsourcing and outstaffing IT and information security to Ukraine is a good decision, because Ukraine not only shares European values like responsibility and reliability, and fosters the best IT specialists in the world, but also it will be profitable for you. We can also work on behalf of you for your clients and deliver white-label services. Learn more.
21 February 2019
We are proud to announce our big new group of services — Application Security. Make your software and systems secure from the start! Build the Secure SDLC Process in your organization. Build, ensure and track the security of your specific products or solutions throughout their lifecycle. Use the best Secure DevOps methods (DevSecOps) and our smart and cost-effective Express SOC (Security Operations Center) solutions customized to your products. Train your managers and team leads, software architects and analysts, software developers and software testers. Learn more.
12 February 2019
Meet our software engineering team! If you have any security- or non-security related software development ideas or challenges and want to hire a reliable team, feel free to contact us.
6 February 2019
We have completed an impressive pentest of a cryptocurrency exchange and want to share with you the news.
4 February 2019
We are happy to present our new concept "Tangible Cyber Security". We have extended our services and we are proud to offer you the implementation of ISO 27001 and PCI DSS security management systems and controls, corresponding certification and compliance management. Penetration testing remains our core service and it gives us the edge over our competitors, which allows us to provide you with not only formal compliance services but also real, "tangible" cybersecurity that is not possible without penetration tests.
31 January 2019
In our consulting projects, we use many international security standards and best practices like ISO, ISF, CIS, NIST. We have extracted the best features from them and created our guide on how to organize a comprehensive process of vulnerability management. We are happy to share it with you.
6 December 2018
Before a series of warm family winter holidays, guided by corporate social responsibility, we have decided to support the Rodolad Family Center and the Aistenok School for Pregnant Women, which perform admirable humanitarian missions.
9 November 2018
We are proud to present our new service Express Pentest. It includes automated and manual black-box and gray-box security assessments of websites and networks, vulnerability verification and limited exploitation. The price is only $150 per IP address or $1500 per website. It is the right choice if automated vulnerability scanning does not suit your needs anymore, but you are not yet ready for the full-scale pentest.
15 October 2018
H-X has performed a security assessment, including pentest and SDLC consulting, of an online job service.
31 August 2018
We have completed a security assessment, including pentest, of a cloud video service.
2 July 2018
Our new service, Website vulnerability monitoring, has started.
3 March 2018
We have started the free website vulnerability scanning service.
2 March 2017
H-X has performed a penetration test according to PCI DSS requirements. The customer is a service provider of PCI Level 1, providing services for merchants. The main functions of the company are the payment gateway, switch, and processing for e-commerce.
11 November 2016
In collaboration with ISSP Training Center, H-X specialists conducted training on protection from social engineering and psychological manipulation. The audience came from the banking and training sectors. Please send your requests for training, seminars, and masterclasses.
21 July 2016
Cooperation offer: become our partner.
18 June 2016
We have published four more business cases about our pentest projects:
- Grey-box and white-box pentest for a telecom company
- Grey-box and white-box pentest for an industrial facility
- Analysis of a retail company's infrastructure
- The pentest for PCI DSS compliance at a financial organization
8 June 2016
We have published a new business case about a network pentest at a nation-wide pharmacy.
18 April 2016
We have earned PECB (Professional Evaluation and Certification Board) Certified Lead Pen Test Professional certification.
12 January 2016
With a mission to deliver high quality security assessment services, we have started H-X project. Prior to this, we possess 15-year experience in information security, enterprise security, and penetration testing.