Penetration Testing

The attack surface of your company is more exposed than you might think. You have external-facing applications that have a mutual trust relationship with applications inside your organisation. Vulnerabilities may exist in these areas, not only at the application level but also at the infrastructure level. How do you know your network and applications are resilient against modern attacks? With our penetration testing service, we can identify vulnerabilities that could impact your services or your business. Contrahack has created a unique methodology for these application and infrastructure areas to make sure all the vulnerabilities are discovered.

Social Engineering

This test reveals information about the security awareness level of members of your organisation. Our experienced security experts use scenarios comparable to the attack scenarios that a real attacker would use. Examples include setting up email phishing campaigns, dropping USB hardware devices, or trying to retrieve sensitive information from your employees.

Automated Vulnerability Scanning

A dedicated security team is not always affordable for every company, but we offer a service that utilises a range of tools, custom scripts and in-house applications to comprehensively analyse your organisation's IT network, from inside and out. Experienced security experts review the results of the vulnerability scans to provide a clear summary report, key recommendations and threat mitigation advice. We can run this service from the cloud or deploy it on premise. Because we use open source tools, custom scripts and in-house developed tools, the overall cost is low.

Secure Software Development

The application landscape has changed drastically in the past years. We moved from a waterfall way of working to the new agile way. Now that applications are being developed in this DevOps (agile) way and releases happen every day, how do we make sure we are still in control of security? How can you and your company include security in DevOps and become truly SecDevOps and in control? Using our proven methodology will enable and empower your developers to build secure applications by design. Long-lasting security knowledge, skills and being in control are the expected outcomes of this secure software development service.

Secure code audit

We have a unique way of performing a secure code audit that really has a lot of added value for your development team. We perform a secure code audit by using the security controls from the OWASP-ASVS (Application Security Verification Standard). This is the standard that is being used by the military, banks, healthcare and governments all over the world.

We conduct the secure code review together with the development team, with the source code of the application displayed on a projector. We work closely with your developers to verify whether all the security controls are implemented and whether they are implemented in a secure manner. This approach to a secure coding audit improves the security knowledge of all the developers participating in the exercise. It is also much faster than traditional secure code audits: our approach takes only around 2 days to perform, and after the audit you will receive a certificate stating that the application applied the level 1-3 security controls.

OWASP-SKF as a Service

Over 20 years of experience in web application security bundled into a single application. The Security Knowledge Framework is a vital asset to the coding toolkit of you and your development team. Use SKF to learn and integrate security by design in your web application by training your developers in writing secure code. The SKF is an open-source application that can be used for free by everyone. However, do you need help to have it installed on-premise or set up in a cloud? We can do this installation for you and make any necessary modifications, so that you have one thing less to worry about.

Learn more about SKF

Our service promise - Tailor made services for a perfect fit

We don't believe that a default approach works for every customer. We will listen carefully to your challenges and needs and offer a tailored solution that goes one step further than your expectations.

Contact Us

Work together

We work with different types of organisations all over the world and have a lot of experience with governments, banks, healthcare and the military. Our goal is to listen to your needs and offer a tailored solution for your specific need, and then take it even a step further so you have one less thing to worry about.

How to contact us

Do not hesitate to get in touch if you feel our services could be useful to your organisation.

You can mail us at or call us at +254 606 707 942