Is your data secure?
Locate potential data breach points.
Order vulnerability assessment now
Order vulnerability assessment now
Is your data secure?
Locate potential data breach points.
Order vulnerability assessment now
Order vulnerability assessment now
Order assesment
By pressing the button you agree with the Privacy Policy
Order a service
By pressing the button you agree with the Privacy Policy
Book a consultation
By pressing the button you agree with the Privacy Policy
Book a call
Fill in the contacts and we will get back to you
By pressing the button you agree with the Privacy Policy
Singleton security team progress in 12 months
150+ vulnerability assessments
Found 1100+ vulnerabilities, 20% of which are critical
Trained over 850 devs in CyberSec practices
Competencies
Continuous monitoring
Pentesting
Security assessment services
Computer forensics
CyberSec consulting & compliance
Building and maintaining secure development processes
Stress testing services
CyberSec consulting & compliance
- Building an information security management system (Compliance with ISO/IEC 27001 standard)
- EAL4 (evaluation assurance level) applicable to GOST R ISO/IEC 15408 standard
- Compliance with the requirements of the Bank of Russia regulations
- Compliance with the Russian Federation Law No. 152 "On Personal Data"
Why do companies trust Singleton Security?
Years of expertise
Singleton Security offers the best solutions thanks to in-depth understanding of the Russian information security market and practical expertise in cybersecurity across all major industries
Prompt response
Singleton Security has well-established project processes and task force teams for any type of task. Just one week from specs to project launch
Multitasking
Singleton Security can handle huge CyberSec problems due to the expertise of our team
Why do companies trust Singleton Security?
We offer you the best solutions thanks to in-depth understanding of the Russian information security market and practical expertise in cybersecurity across all major industries
Singleton Security has well-established project processes and task force teams for any type of task. Just one week from project specification to project launch!
Singleton Security can handle huge CyberSec problems due to the expertise of our team
We solve problems, not work for a paycheck. Our team solves the maximum number of problems possible, not the required bare minimum
Singleton Security's range of services satisfies a wide spectrum of CyberSec demands. We offer unconventional approaches to solving any non-trivial, complex, or localized task.
We provide comprehensive service support before a project, during the project and after it is accomplished. We also train our customers in different CyberSec aspects
We base our work on the best practices and WASC, NIST, OWASP regulations to guarantee compliance to the cutting-edge industry standards in our work
Industry certificates
Singleton Security holds a license from the Federal Service for Technical and Export Control of Russia (FSTEC) to carry out work on technical protection of confidential information. All team members have international certificates in the field of cyber security.
Going above and beyond
We solve problems, not work for a paycheck. Our team solves the maximum number of problems possible, not the required bare minimum
Customer-driven approach
Singleton Security's range of services satisfies a wide spectrum of CyberSec demands. We offer unconventional approaches to solving any non-trivial, complex, or localized task.
Consultation support
We provide comprehensive service support before a project, during the project and after it is accomplished. We also train our customers in different CyberSec aspects
Work according to international standards
We base our work on the best practices and WASC, NIST, OWASP regulations to guarantee compliance to the cutting-edge industry standards in our work
Singleton Security – a team of leading CyberSec expert practitioners
250+ penetration tests in three years
Egor Bogomolov
Founder and CEO
Certificates:
- 10+ years of experience in the field of information security and 2 higher education degrees
- Active participant in cybersecurity expert communities in Russia
- Speaker at major industry events
- Captain of the winning team in major Russian cybersecurity tournaments
Certificates:
Konstantin Kostenyevskiy
Head of Information Security Audit Department
- 15+ years of experience leading teams of auditors and penetration testers
- 200+ succesful diverse projects in information system and process auditing, comprehensive auditing, incident and fraud investigation, risk management, and internal control.
Pavel Sorokin
Сhief Technical Officer
- Over 14 years of experience in the field of information security, including protection of internal systems of large Russian companies
- Specialization: web application security analysis, external penetration tests, security analysis and protection of development and CI/CD systems.
- Speaker at major industry events
- Member of the winning team of the largest Russian cybersecurity tournaments
- Author of a telegram channel about practical information security @naryl_sec
Anastasiya Kryuchkova
Senior application security analysis team specialist
- Professional in the field of web application security analysis.
- Specializes in projects involving code analysis, external penetration testing, and web and mobile application security analysis.
- Industry specialization: credit and financial organizations, commercial companies, government institutions, manufacturing sector, etc.
- Member of winning teams in major Russian cybersecurity tournaments
Petr Pokamestov
Project manager
- Expert in Digital Forensics and eDiscovery
- Developer of corporate training programs in Cybersecurity for non-technical staff
- Creator of employee training programs and strategies for combating digital threats, including phishing
- Lecturer at Bauman Moscow State Technical University
- Manager of Information Security and Digital Forensics
- Nuix Discover Certification Exam v.10.4;
- Corporate Investigations with Belkasoft
- Incident Investigations with Belkasoft
- Paraben’s Device Seizure Mobile Operator
- Paraben’s P2C Certified Operator
Maksim Bragin
Chief application security analysis team specialist
Certificates:
- 1100+ projects in web application and external infrastructure security analysis
- Participant in CTF competitions
- Member of the winning team in The Standoff competitions as part of the True0xA3 team
- Participant in Bug Bounty programs (VK, Yandex, Google), Hackerone
Certificates:
Tatyana Semyonova
Chief Operating Officer
- Expert in software asset management and corporate licensing
- Author of a methodology for conducting license audits in partnership with Microsoft Corporation
- Author of proprietary courses
- Information Security Manager
- Certified expert in software asset management (SAM)
- Microsoft Certified Professional (MCP, MS, MTA)
- Microsoft Certified Technology Specialist (MCTS)
- Certified Expert Practitioner (CEP)
- Data Protection Officer (DPO)ex
Evgeny Kopytin
Application security analysis team specialist
- Specialization: Penetration testing of external IT infrastructure and web applications
- Member of the CTF team "Binary Bears"
- Lecturer at "MTUCI_CTF"
- Developer of tasks for "MCTF Junior 2022"
Artyom Komarskii
Senior IT infrastructure security analysis team specialist
Certificates:
- Specialization: external and internal IT infrastructure penetration testing
- Experience in investgating cyber incidents
- Member of The Standoff winning team True0xA3
Certificates:
Dmitry Molokovich
Junior application security analysis team specialist
- Researcher in program protection, AV/EDR bypass methods
- Participant of The Standoff 365 competition as part of the SPbCTF team
- Participant of the FaKappa CTF team
Matvey Serdyukov
Application security analysis team specialist
- Participant and winner of information security competitions, including CTF.
- Developer of tasks for the Junior Information Security Olympiad "Ugra CTF".
Aleksandr Paltsev
Senior app security analysis specialist
- 10+ CyberSec experience
- Ex-CISO of large companies of the VTB Group, SK Soglasie
- Professional interests: pentesting, incident investigation, system programming
Georgiy Kryuchkov
Software development team lead
- Specialization: web application and mobile cross-platform application development.
- Technological stack: Flutter, Golang, Python, Ruby on Rails
Yaroslav Makarov
Application security analysis team specialist
- Student at MTUCI, specializing in "Information Security of Telecommunication Systems"
- Participant and winner of various information security competitions, including CTF
Naira Nurova
Analyst in the audit department of information security
- More than three years of experience as an analyst, technology stack: JS, GS, Python
- Participant in CTF competitions
- Experience in developing web applications: interactive analytical dashboards, tracking systems
- Specialization: analysis of attack vectors in web applications, analytics of vulnerability categories, analysis of business risks and identification of recommendations for improving the security level of the systems being studied
Maksim Bragin
Chief application security analysis team specialist
Artyom Komarskii
Senior IT infrastructure security assesment team specialist
Dmitry Molokovich
Junior application security assesment specialist
Matvey Serdyukov
Application security analysis team specialist
Georgiy Kryuchkov
Software development team lead
Aleksandr Paltsev
Senior application security assesment specialist
Yaroslav Makarov
Application security analysis team specialist
Naira Nurova
Analyst in the audit department of information security
Industry events & contests
The Standoff 2023 (second place) part of the True0xA3 team, November 2023
The Standoff 2023 (second place) part of the True0xA3 team, May 2023
The Standoff Taks, Moscow 2023 “Yandex Bug Bounty experience”
The Standoff 2022 (second place) part of the True0xA3 team, May 2022
Volga CTF 2022, September 2022 “Real-world vulnerability detection in image parsers”.
The Standoff 2021 (second place) part of the True0xA3 team, November 2021
OFFZONE Moscow 2022, August 2022; "Specifics of security assessments of modern web apps"
The Standoff 2021 (first place) part of the True0xA3 team, May 2021
BI.ZONE Bug Bounty Meetup, July 2022; "BugBounty no-code automation in five minutes"
IDS Bypass (Third place), May 2019
The Standoff Moscow 2021, November 2021 "Evolution of EDR and antivirus bypass means" winner of the popular vote
Wallarm & Qiwi HackQuest winner, June 2018
PHDays 2021, Маy 2021 “A Journey to Internaland or a Nightmare for a network administrator with Active Directory”
Competitive Intelligence (third place)
OWASP Moscow Meetup #9, "Security testing of GraphQL", December 2019.
June 2018 — DelfHack winner, May 2018
OFFZONE Moscow 2019, June 2019 "Attacks on Android Activity & Intents"
Participation in BugBounty platforms: Yandex Hall of Fame, HackerOne, BugCrowd, Google VRP, Intigrity, Immunefi.
PHDays 2019, "Underappreciated vulnerabilities of modern Android apps", May 2019.
Singleton Security: CyberSec threat assesment & consulting services
Order service
Order service
Order service
Order service
Web app security
assesment
assesment
Order service
Mobile app security assesment
Red Teaming
Local network penetration testing
Social engineering
Secure developement
Order service
Order service
Order service
Order service
Order service
Order service
Outer network perimeter penetration testing
Web app source code assesment
Evaluation of employees' CyberSec awareness
Express security assesment of any information systems for vulnerabilities
CyberSec training
Incident investigation
Load testing
Red Teaming
Social engineering
Secure development
Web application security assessment
- Detecting security flaws in web apps, e-commerce platforms, and other software
- Detecting vulnerabilities in compliance with international verification standards
- Detecting architectural features of applications that affect the security of business processes and operational results
Mobile app security assesment
- OWASP MASVS L1/L2/R mobile app assesment
- Verification of the use of cryptographic systems
- Analysis of the authentication system and session management
- Evaluation of the level of security of network interaction and interaction with the operating system
- Analysis of code quality and build settings (conducted as a separate "white box analysis" service)
- Assessment of resistance to client-side attacks
External penetration testing
- port scanning and identification of services using them
- identification of software and technologies in use
- manual search and analysis of application vulnerabilities based on OWASP ASVS classification
- exploiting vulnerabilities
- analysis of results, vulnerability classification, and development of recommendations
Social engineering testing
Analysis of employee behavior and evaluation of their potential resistance to attacks using social engineering methods:
- email phishing campaigns
- targeted communication through social networks and messengers
- personal calls (phone, Skype)
- distribution of media with provoking data
- evaluation of physical perimeter bypassing (covert copying of access control system keys)
Local network penetration testing
Checking the maximum number of infrastructure nodes and demonstrating a possible compromise chain of the entire network infrastructure
An extra assessment of the security of wireless Wi-Fi access points:
- connection to the selected network segment
- analysis of traffic at the data link and network layers
- instrumental scanning of internal network resources
- searching for vulnerabilities on discovered resources
- conducting network attacks, obtaining local and domain accounts, privilege escalation
- analysis of results and preparation of recommendations
An extra assessment of the security of wireless Wi-Fi access points:
- study of characteristics
- obtaining encryption keys
- hardware-based Wi-Fi access point attacks
- installation of rogue access points
- attacks on clients.
Benefits of information system audit
Organize effective protection of the inner and outer perimeters
Audit will allow you to analyze how and with what type of attacks a violator can penetrate the system. As a result, you will be able to protect yourself from possible threats
Optimize security expenses
Compiling a ranked list of potential security threats to the company will allow you to focus efforts primarily on eliminating critical threats and prevent financial losses
Improve your reputation
Conduct regular audits of your security systems and minimize the risks of new threats. By establishing an effective defense system, you will be able to keep confidential data of the company, clients, and partners safe
Data theft and compromise
Harvesting personal data for unauthorized use
Data leaks
Uncontrollable data leaks beyond Company perimeter
Attacks on Web apps
to gain users' confidential data
Cyber Espionage
Gaining unauthorized, often illegal access to sensitive data for various purposes
Malware
Software that disrupts normal operation of computers and apps
Phishing
Internet Fraud to gain users’ confidential data
What threats do companies face?
Zero-day vulnerability
A vulnerability in a computer system that was previously unknown to its developers or anyone capable of mitigating it
DDos attacks
An attack on a computer network to make it fail
Web-attacks
Fraud using web-systems and services as the attack direction
Botnet
A computer network of a number of hosts with running bots
Ransomware
Malware for money extortion blocking the access to the computer network
Spam
Continuous stream of messages with meaningless content, ads and viruses
AI-generated fake videos
Takeover of one’s device to mine cryptocurrency
AI deepfakes
Cryptojacking
Attacks on Web apps
to gain users' confidential data
Cyber Espionage
Gaining unauthorized, often illegal access to sensitive data for various purposes
Phishing
Internet Fraud to gain users’ confidential data
Reputation loss
Failing to take prompt measuring to handle a breach results in lower customer loyalty, bad media rep, thus leading to poor business operations
Government fines
The Russian government is well under way to pass a bill on turnover-percentage-based fines for personal data leaks. The fine for a legal entity can be as high as 5 to 500 M rubles
What damage may be incurred to your business?
Money loss
Companies may spend up to 50% of the revenue on damage control. Full recovery may take from two to seven days’ worth of downtime
Lawsuits
The number of compensation of lawsuits for data leaks leading to fraud is up by 60% in two years. The liable party (the defendant) are the data handling operators
What damage may be incurred to you business?
Companies may spend up to 50% of the revenue on damage control. Full recovery may take from two to seven days’ worth of downtime
Failing to take prompt measuring to handle a breach results in lower customer loyalty, bad media rep, thus leading to poor business operations
The Russian government is well under way to pass a bill on turnover-percentage-based fines for personal data leaks. The fine for a legal entity can be as high as 5 to 500 M rubles
The number of compensation of lawsuits for data leaks leading to fraud is up by 60% in two years. The liable party (the defendant) are the data handling operators
Singleton Security project pipeline
Acquiring
input data
input data
Acquisition and validation of the Customer input data
1
Compromise Scenarios
Creating possible application compromise scenarios using the collected data to demonstrate potential threats and security risks
Support
Providing advisory support based on the results of the security audit, assisting with implementing recommendations, and rechecking the vulnerability fixes
Preparation
Studying the test object, gathering information about the target, coordinating additional information obtained during the investigation
Penetration testing / security assesment
Investigating the business logic of the application, identifying "weak spots" in application mechanisms, searching for vulnerabilities, and preparing exploitation examples
Criticality Analysis
Identifying critically dangerous potential threats and developing a step-by-step plan to mitigate them
Recommendation Development, Report Formation
Providing an audit report with practical recommendations for reducing cybersecurity risks
2
3
6
5
4
7
Singleton Security project pipeline
Acquisition and validation of the Customer input data
Studying the testing object, gathering information about the target, coordinating additional information obtained during the investigation
Investigating the business logic of the application, identifying "weak spots" in application mechanisms, searching for vulnerabilities, and preparing exploitation examples
Creating possible application compromise scenarios using the collected data to demonstrate potential threats and security risks
Identifying critically dangerous potential threats and developing a step-by-step plan to mitigate them
Providing an audit report with practical recommendations for reducing cybersecurity risks
Providing advisory support based on the results of the security audit, assisting with implementing recommendations, and rechecking the vulnerability fixes
PTES
Penetration Testing Execution Standard: approaches and guidelines for the main aspects of testing
OSSTMM
Open-Source Security Testing Methodology Manual, describes the visual representation of major security categories
ISSAF
Information Systems Security Assessment Framework, standard for technical assessment of security aspects in applications, information systems, and networks; describes security audit measures
WASC
Web Application Security Consortium, classification of vulnerabilities and attack classes leading to compromis
NIST 800-115
Open Web Application Security Project, a list of the most critical security risks for web and mobile applications according to the global expert community
PCI DSS
Payment Card Industry Data Security Standard, international standard for data security and protection of payment cards
CIS standards
Set of indicators, methods, and recommendations for assessing the security of IT systems
CVSS
Singleton Security
practices
practices
Common Vulnerability Scoring System, an open standard for assessing the severity of vulnerabilities
MITRE ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge, used for risk assessment, prioritization, and defense efforts
Methodology PETA
Project-oriented approach to testing information systems
OWASP
Standard for developing, implementing, and maintaining testing processes and procedures
PTES
Gray, White and Black box
NIST 800-115
Standard for key security testing elements
OWASP
List of top CyberSec risks for Web and mobile apps compiled by the worldwide expert community
ISSAF
Standard for assesting applications, systems and network controls
MITRE ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge, used for risk assessment, prioritization, and defense efforts
CVSS
Open Industry standard for vulnerability assesment
PCI DSS
International bank card data security standard
CIS standards
Set of indicators, methods and recommendations for IT systems' security assesment
ISSAF
Singleton Security
Practices
Standard of CyberSec assesment in apps, information systems and networks, describes CyberSec audit activities
WASC
Classification of faults and classes of attacks leading to web app being compromized
NIST 800-115
Standard for developing, deployment and maintenance of testing pipelines
PETA Methodology
Method of project-based approach to testing information systems
Penetration Testing Execution Standard
The Open Source Security Testing Methodology Manual
Information System Security Assessment Framework
Web Application Security Consortium) Threat Classification
Open Web Application Security Project
Payment Card Industry Data Security Standard
Center for Internet Security
Common Vulnerability Scoring System
Largest Russian Companies partner with Singleton Security
You can trust their choice
Any questions?
Book a free consultation now!
Book a free consultation now!
By pressing the above button you agree with the Privacy Policy
