Offensive Cybersecurity For Companies

Katana Security is an expert group that helps companies remediate application and network risks.

Our Pentesting Services

Web Application

Testing is based on the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the OWASP Testing Guide, which provide a comprehensive framework for assessing the security of web-based applications.
Manual testing ensures coverage of specific business logic offered by the app, producing better results than automated scanning.

API

Web API pentesting follows an approach similar to Web Application testing. The API pentesting methodology is based on the same foundation as the OWASP Top 10, ASVS, and OWASP Testing Guide.
The approach is focused on understanding and analyzing the authentication type used, methods, structures, and responses, looking for vulnerabilities and unexpected cases.

Mobile

Katana tests mobile applications running on the Android platform. The approach uses the OWASP Mobile Top 10 as a methodology to determine the risk of a mobile application and locate security issues.

Internal & External Network

We pentest external and internal networks for any hosting service, using a methodology based on the Open Source Security Testing Methodology Manual (OSSTMM). Testing can be limited to a specific IP range or cover a wide reconnaissance area using OSINT (open-source intelligence).

Have Some Questions?

  • What is Pentesting?

    Penetration testing (or pentesting) is a security exercise where cyber-security experts attempt to identify and exploit vulnerabilities in a computer system (web app, mobile app, API, network). The purpose of this simulated attack is to find any weak spots in a system’s defenses that attackers could take advantage of.

  • What are vulnerabilities?

    Vulnerabilities are usually weaknesses that attackers could exploit to affect data confidentiality, integrity, or availability. The vulnerabilities found can be used to patch applications or networks, fine-tune security policies, identify common weaknesses across multiple applications, and strengthen the overall security posture.

  • What is the Deliverable?

    The output is a list of vulnerabilities and the risks they pose to the business or application, as well as a concluding report. The report includes an executive summary of the testing, a scope of work, testing methodology, a summary of findings, and recommendations for remediation.

Still Hesitating To Try Our Services? Let's Talk!

Who We Are

Juan Pablo Ruffino

Application Security Engineer

An experienced ethical hacker with 9+ years in the field who enjoys understanding how things work, solving challenges, and creating ad-hoc scripts with interpreted programming languages.

Lautaro Colombo

Pentester

Hacker specialized in testing all kinds of APIs, web applications and networks, to meticulously identify and document security vulnerabilities, demonstrate their impact and advise on mitigation strategies.

How Can We Help?