I will perform a pentest on your website, server or mobile apps


Sold by G_Cyber_Expert 125 total sales Available on ComeUp Direct

Do you think your company is protected against cyber attacks? Think again. Cybercriminals are becoming increasingly sophisticated and without a thorough check of your security, you're vulnerable.

🚀If you're looking for quality and increased expertise in both testing and deliverables, you can be proud to have found the right service!
To start with, let me tell you a bit about who I really am: I started in IT about 10 years ago, I'm a self-taught enthusiast, and you should know that self-taught people are much better than people who have followed a classical course. In just over 10 years of experience, my method, expertise and way of thinking have evolved a great deal, and I'm constantly striving for the highest level of security. It has now become something natural and innate for me. Every morning when I get up, I drink a big bowl of coffee in front of my cyber and new-technology newsfeed. I need it to get into shape: some people do sports in the morning, I do that.

💪 That's where all my abilities today come from! I'm constantly evolving and I love discovering new technologies. I have passed the Voltaire Project certification, which is highly recognised in France, with a score of +500 points, which allows me to write very high-quality deliverable reports! It is with all this technical background that I can offer you this good-value service and make the difference on ComeUp to offer you the best possible protection.

😧 I know that the security of your business is a source of anxiety, which is why I'm here to help you. I'm committed to providing you with an in-depth security analysis of your infrastructure, web applications and systems.

🤜 You do NOT have to worry about my expert skills: as I told you, I am self-taught, I train daily, and I have stepped completely outside the academic route (which itself is a bit of a drag). You can be sure that I will be able to support you and offer you a reliable and quality service. I am committed to complying with the strictest security standards to protect your data.

🤯 Imagine the panic you would feel if your website was the target of a computer attack. It could cost you not only financially, but also in terms of reputation and trust with your customers and, in the worst case, force you to go out of business.

😨 Don't let your emotions get the better of you, contact me now to help you protect your business and prevent cyber attacks. I'll provide you with a detailed report with the results of the pentest, as well as recommendations for improving the security of your website, server or mobile app.

🔥 Don't wait until it's too late, call on my expertise to protect your business now!

🟢 When you place your order, in the instructions, I'll ask you what your business is, so that I can properly identify the activities of your website and have a more global view.

Don't hesitate to contact me for more information. I'd be delighted to discuss your project with you 🙂


👉 Security check (basic offer)

In this option, you'll find 2 independent things:

  • In the 1st step, if this is the first time you order the basic offer, I will test the security of your website against the best-known vulnerabilities, such as XSS injection, SQLi, etc., and the OWASP Top 10, with a mini report.

  • In the 2nd step, if you have already placed an order with an option, I will replay exactly the same attacks that I previously identified in the report, in order to demonstrate that the patches you have implemented, as specified in the appropriate section of the pentest report, work and block the attacks, and that the vulnerabilities are no longer exploitable.


👉 Below are the options I have to offer you

⛵ The table below allows you to see the tests I carry out on your website in comparison with a real cyberattack carried out by real hackers and a successful hack. The only exception is that I don't use destructive testing tools.

🚨 Testing on a pre-production environment (cloned from production) would be more suitable. That said, I know this isn't always possible, so I can carry out the tests on a production environment.

Pentest | Real cyber attack (which I don't do)
Real attack simulation
Simulation of bot attack
In-depth testing
Research | Very advanced | Not advanced to Very advanced
Exploitation of vulnerabilities
Attempting to access data
Destructive testing ✅✅
Environment | More suited to preprod, but possible on prod | Prod + preprod + dev
Objectives | Test the resistance of a system | Steal data + Ransomware + Unavailability
Duration of tests | +30 days | -2h to several days/months

👉 The options

You can choose from 3 options for penetration testing: a WordPress option (recommended), a "developed by hand" option in grey or black box, and finally a security verification option (basic offer), which allows you to demonstrate that the patches you have implemented on the site are viable.

👉 My site is WordPress

If your site wasn't developed by hand by developers, it was built with a rapid website creation solution, i.e. a CMS such as WordPress. I suggest the black box approach, which is the most effective against hackers.

Pentest WordPress in black box
Admin access required
User access required
Plugin access
Knowledge of application/infra
Schema/structure of the application | None
Type of attack | External (hacker)
Objectives | Attempt to access data like a hacker.
Reconnaissance
Port Scanning
Environment | Preprod or Prod
Destructive testing
Detailed report
Duration | +15 days
Price | 370 €

For each type of test called pentest, there are 3 approaches (white, grey or black box). I wanted to offer you only the 2 most important, grey and black (see table below):

"Developed by hand" option: ⚓ I have a hand-developed site

In this option package, I'm going to put myself in the place of a hacker and attempt to recover the data from your website. You will then receive a detailed report with screenshots and the tools used, including a section that explains how to patch all the vulnerabilities.

Pentest in grey box | Pentest in black box
Free access to source code
Code exploitation
Code testing
Tests on the site
User account creation
User access required
Admin access required
Schema/structure of the application | Partial | None
Type of attack | Internal & External | External (hacker)
Reconnaissance
Port Scanning
Printing
Destructive testing
Objectives | Try a restricted user attack | Try full system access
Duration | +30 days | +20 days
Price | 1000€ | 500€

📒A detailed deliverable report (definition 👇)

The detailed report lets you learn about all the vulnerabilities identified during the test phases.

Notes are taken throughout the intrusion test, and then I have to format and clean up everything to write the report. You'll find the management summary, which summarises the results obtained in layman's terms that a non-technical person can understand. You will also find the list of vulnerabilities identified and classified by criticality level, with a list of recommendations for each vulnerability discovered. When I find bad practices in development, I also give advice for improvement, since they can lead to vulnerabilities.

Finally, you'll find the different manipulations that I made during the tests, so you can see everything that was done, what worked and what didn't work. This has several advantages. The 1st is that it shows you that I've done a good job even if I didn't find anything. The 2nd is that it shows you that where you did things right and I tested attacks, your defences held and you shouldn't change them. It helps to emphasise what's going well.
The other advantage is that it also allows you to learn and understand the manipulations I'm going to do and how a hacker might go about bypassing your security and gaining access to your data, and possibly to replay the attacks once the corrections are in place to see if you get the same results. Personally, I'm in the spirit of sharing, so this will also allow you to improve your skills.

A few clarifications about the tests: I do not send forged emails, such as phishing or social engineering; I concentrate only on technical tests. The aim is to technically test your architecture, web application, server, mobile application or website. I do NOT do destructive testing (DDoS/DoS). It seems obvious, but I prefer to say so: no denial-of-service attacks. If I find that systems or features are vulnerable to this type of attack, I won't test them, so as not to harm the system, and I'll tell you the CVEs I've found. A CVE is a unique number given to a vulnerability, allowing it to be identified.

Ideally, as I said, I'd prefer a pre-production environment, and very importantly, that it be a clone of production, but I'm aware that this isn't always possible. So I can also work in the production environment while being careful and avoiding a few tests.

I will perform a pentest on your website, server or mobile apps

  • €250.00


About the seller

G_Cyber_Expert 21 hours ago

“Hello, my name is Guillaume. I am self-taught and have been passionate about cybersecurity and web and software development for about 10 years. I have created multiple services that have been in high demand and that meet strong technology and security needs.

I will be your cybersecurity consultant throughout my services and my support, with a technical background that I fully intend to use to stand out on ComeUp. As a full-stack software and web developer, although it is a second-tier passion, I am versatile; this has allowed me to understand the security challenges of fast-evolving technologies, to adapt to your needs and to listen to you 100%.

I will be able to advise you on the technologies you should use for your project. I can also go further by making mockups for you in Figma and by writing professional specifications, which I have learned to put in place over the years.

Oh yes, by the way! If you are looking for data on a company, I can help you retrieve everything that can be found on the internet and correlate my research. The method I use is OSINT (open-source research); it is a devilishly effective and powerful method! For example, it is widely used in geopolitics and is currently widely used to trace the war crimes of the Russians against the Ukrainian civilian population, in order to find out which regiments killed or tortured lawlessly. This is research correlated with shop cameras, satellite images, the internet, etc.

In my case, I would use only the internet, but that is more than enough to discover how a company operates, the employees who currently work there or former ones, and to discover its web technologies, IP addresses, server types, etc.


I'll let you discover my services and will talk to you very soon.”

  • Sales in total 125
  • Seller since Mar 2016