News of H-X
24 January 2020
We have received a new review from our client on a reputable reference portal Clutch.co where our services still have the highest rating of 5.0.
31 December 2019
Dear visitors and users of our resources!
Thank you for your interaction and cooperation with us in 2019!
We were pleased to provide you with our free and paid information security services: assessing the security of your sites, applications and organizations, pentesting them, implementing ISO 27001 and other security standards, helping you get official security certificates, providing security education, etc.
In 2019, we created and strengthened a number of service areas. First of all, this year for us was the year of the TISAX automotive information security standard. We promptly responded to the requirements of the German automotive industry, helped several companies obtain the TISAX certification, and as a result became the TISAX leader in Eastern Europe.
We also developed the following areas and models of security services:
- teaching various information security topics for users, software developers and cyber security specialists;
- security services for industrial IT and OT;
- security analysis of software source code, compliance audit for ASVS standard and other application security services;
- audit of smart contracts;
- security incident response, investigations and other SOC (Security Operations Center) services.
Today, our customers and partners are located in Ukraine, USA, Germany, Switzerland, Austria, Denmark, Sweden, Norway, Estonia, Kazakhstan and other countries. We are actively developing our partner network, as well as new areas and models of our services, and will be happy to offer them to you in 2020.
Happy New Year and happy holidays!
H-X Technologies Team
22 December 2019
We continue to develop our business direction of audit of smart contracts. This year, we have completed several successful projects in this area. We successfully find the following problems in smart contracts:
- Inconsistency between the specification and the implementation
- Flawed design, logic, or access control
- Arithmetic overflow operations (integer overflow and underflow)
- Reentrancy attacks, code injection attacks, and Denial of Service attacks
- Exceeded limits on bytecode and gas usage
- Miner attacks on timestamp and ordering, transaction-ordering dependence (TOD)
- Race conditions and other known attacks and access control violations
11 November 2019
Our company is among the first to have completed a large project involving a deep security assessment and compliance with the new OWASP ASVS 4.0 standard on application security verification. The target of the analysis was a highly loaded system with up to 100 thousand simultaneous users. As a result of the project, our customer’s system received verification level 2 according to the standard.
23 October 2019
We have completed an important project on information security assessment and compliance for the largest investment and construction holding company in Kazakhstan, BI Group. The client was satisfied with our services, and we have proudly posted their feedback and logo on our business case page.
21 October 2019
The business case page of our website has been updated with a new section, Information Security Incident Response and Investigation Cases. We have described an interesting case of how we participated in the response to the incident "Hacker attack on the government of an Eastern European country" and in its investigation.
15 October 2019
10 October 2019
We have developed and published a unique ISO 27001 conformity assessment wizard.
30 September 2019
We will be at Europe's largest annual security exhibition, it-sa 2019, in Nuremberg, Germany, on October 9th. If you were looking for a reason to meet, you are welcome.
2 September 2019
- at a medical software company
- in a company developing automotive systems
31 July 2019
It's time to check how secure your website is!
We have significantly improved our free security assessment service. Now, the scanning of your website vulnerabilities in normal mode is performed much faster and deeper, and the reports are much better, more useful and convenient. Furthermore, the reports are now stored on our server longer. We are pleased to present you the results of our work, which took several months.
More about what has changed:
- Taking into account the wishes of our customers from Europe, in order to reduce cross-border traffic, we have migrated our server to Germany, to one of the most reliable hosting providers. This migration has significantly increased our computing resources, performance and reliability.
- Several scan engines have been replaced by other, better ones. In particular, we deployed OWASP ZAP (also known as Zed Attack Proxy, zaproxy). This engine contains many flexible plug-ins and changeable settings. For many years, it has been the de facto standard for scanning website vulnerabilities with open-source tools.
- Improved Executive Summary of the report. Added a vulnerability diagram and a summary table with hyperlinks to the details for each vulnerability.
- The information about vulnerabilities is now structured better. All vulnerabilities are now classified by severity. Based on how certain the information about the vulnerabilities is and how frequently they are encountered on the tested website, our service evaluates the weighted risk of each vulnerability and sorts the list of vulnerabilities by risk accordingly.
- Improved description of each vulnerability. The report now gives a large number of details: information about each vulnerability instance, evidence, recommendations on how to eliminate the vulnerabilities and reduce risks, links to descriptions of the vulnerabilities in popular open vulnerability databases, and so on.
- For each vulnerability, the user can make and store directly in the report their decision on the manual verification of the vulnerability (whether it was confirmed or refuted), as well as write a comment. The text of the comment for each vulnerability of each website is preserved across all scan sessions of that site.
- The retention period of your scanning reports on our server has been increased from 14 days to 3 months.
Want to provide this service to your users or customers? Since our scanning service has retained its scalable architecture, we are ready to provide our partners with a front-end scanner with an API description. At your clients' requests, automatically redirected by your server, we can scan your clients' websites for vulnerabilities and send the results to your server, which will redirect them to your clients. Write to us to get this service.
12 June 2019
We have two big pieces of news at once. We have described our two new services: 1) Continuous Protection of Websites including Security Hardening, Monitoring and Security Incident Response, 2) automated and manual Security Analysis of Software Source Code.
8 June 2019
Our security training programs have been updated. Now we have the following directions of security training for IT specialists and software developers:
- IT and InfoSec management
- Secure Software Development Basics and OWASP
- Secure Software Development Lifecycle for PHP developers
- Secure Software Development Training for Android and iOS Technology Stack
- Backend Security
- Other web application security technologies
- Malware analysis
- Penetration testing
18 May 2019
We have updated our partnership proposals. Now we also have special proposals for IT and InfoSec distributors and integrators, insurance companies, law firms, IT and InfoSec consulting, outsourcing and recruiting companies.
4 May 2019
2 May 2019
We have a longstanding friendly relationship with the German industry, where we have completed a number of security assessment projects, pentests and implementations of security standards. To enhance that relationship, we have recently completed another successful implementation project for a German company operating in the automotive industry. The project goal was the ISA (Information Security Assessment) according to the VDA (Verband der Automobilindustrie, Association of the Automotive Industry) and implementation of TISAX (Trusted Information Security Assessment Exchange).
8 April 2019
We are hiring! Learn more about our vacancies for security managers, Security DevOps and penetration testers.
30 March 2019
In response to numerous customer requests, we are introducing a new service, Licensed Scan. The licensed vulnerability scanning is significantly cheaper than the simplest Express Pentest, but it gives much more useful results than our automated free vulnerability scan service.
29 March 2019
We will be at the NoNameCon 2019 conference on 17 to 18 May. If you were looking for a reason to meet, join us at a large and interesting specialized cyber security platform in Kiev.
6 March 2019
We got two references from our customers: on security assessment of network infrastructure and compliance with international and industry information security standards. Read more about penetration tests and check your protection.
4 March 2019
We started the Cyber Security Team Extension Service. Add cyber security experience to your short-term or long-term projects by hiring our certified information security specialists! Near-shore outsourcing and outstaffing of IT and information security to Ukraine is a good decision, because Ukraine not only shares European values like responsibility and reliability and fosters the best IT specialists in the world, but such hiring is also profitable. We can also work on your behalf for your clients and deliver white-label services. Learn more.
21 February 2019
We are proud to announce our new big service direction — Application Security. Make your software and systems secure from the beginning! Build the Secure SDLC process in your organization. Build, ensure and track the security of your specific products or solutions throughout their lifecycle. Use the best Secure DevOps methods (DevSecOps) and our smart and cost-effective Express SOC (Security Operations Center) solutions customized for your products. Train your managers and team leads, software architects and analysts, software developers and software testers. Learn more.
12 February 2019
Meet our software engineering team! If you have any security- or non-security related software development ideas or challenges and want to hire a reliable team, feel free to contact us.
6 February 2019
We have completed a notable pentest of a cryptocurrency exchange and want to share the fresh case with you.
4 February 2019
We are happy to present our new concept "Tangible Cyber Security". We extend our services and offer the implementation of ISO 27001 and PCI DSS security management systems and controls, corresponding certification and compliance management. Penetration testing remains our core service and our competitive advantage that allows us to provide you with not only formal compliance services, but also real, "tangible" cyber security that is not possible without penetration tests.
31 January 2019
Since we use many international security standards and best practices like ISO, ISF, CIS and NIST in our consulting projects, we have extracted the best from them and created our own guide on how to organize a comprehensive process of vulnerability management. We are happy to share it with you.
6 December 2018
Before a series of warm family winter holidays, guided by corporate social responsibility, we decided to support the Rodolad Family Center and the Aistenok School for Pregnant Women, which perform high humanitarian missions.
9 November 2018
We are proud to present our new service, Express Pentest. It includes automated and manual black-box and gray-box security assessment of websites and networks, vulnerability verification and limited exploitation. The price is only $150 per IP address or $1500 per website. It is the right choice if automated vulnerability scanning no longer suits your needs, but you are not yet ready for a full-scale pentest.
15 October 2018
H-X have performed a security assessment including pentest and SDLC consulting of an online job service.
31 August 2018
We have completed a security assessment including pentest of a cloud video service.
2 July 2018
The new service Website vulnerability monitoring has started.
3 March 2018
We started the free-of-charge website vulnerability scanning service.
2 March 2017
H-X performed a penetration test according to PCI DSS requirements. The customer is a service provider of PCI Level 1 providing services for merchants. The main functions of the company are payment gateway/switch and payment processing internet/e-commerce.
11 November 2016
At the ISSP Training Center, H-X specialists conducted training on protection from social engineering and psychological manipulations. The audience was banks and training centers. Please send your requests for training, seminars and master classes.
21 July 2016
Cooperation offer: become our partner.
18 June 2016
Four business cases of our pentest projects have been added:
- Grey-box and white-box pentest for a telecom company
- Grey-box and white-box pentest for an industrial production company
- Analysis of a retail company's infrastructure
- The pentest for PCI DSS compliance in a financial organization
8 June 2016
The business case of the nationwide pharmacy network pentest has been added.
18 April 2016
We earned PECB (Professional Evaluation and Certification Board) Certified Lead Pen Test Professional certification.
12 January 2016
To deliver a high-quality security assessment service, the H-X project has been started. It draws on the experience of our 15 years of work in information security, enterprise security and penetration testing.