Security assessment services
Web applications
Mobile applications
Remote banking systems
Other information systems
Pentesting
External IT infrastructure
Internal IT infrastructure
WiFi networks
Using social engineering methods
Continuous Penetration Testing
Vulnerability and current threat monitoring of IT infrastructure
IT asset management and change monitoring
Continuous work of experts in risk analysis and modeling
Load testing services
Performance Testing
Stability Testing
Stress Testing
Volume Testing
Building and maintaining secure development processes
Consulting on building the SSDLC process
Implementation of security criteria and the SSDLC process
Supporting the existing secure development process
Virtual CISO
Computer forensics
Incident response
Incident investigation
Recommendations for developing security policies
CyberSec consulting & compliance
Building an information security management system (Compliance with ISO/IEC 27001 standard)
EAL4 (evaluation assurance level) applicable to GOST R ISO/IEC 15408 standard
Compliance with the requirements of the Bank of Russia regulations
Compliance with the Russian Federation Law No. 152 "On Personal Data"
Why do companies trust Singleton Security?
Years of expertise
Singleton Security offers the best solutions thanks to in-depth understanding of the Russian information security market and practical expertise in cybersecurity across all major industries
Prompt response
Singleton Security has well-established project processes and task force teams for any type of task. Just one week from specs to project launch
Multitasking
Singleton Security can handle huge CyberSec problems due to the expertise of our team
Industry certificates
Singleton Security holds a license from the Federal Service for Technical and Export Control of Russia (FSTEC) to carry out work on technical protection of confidential information. All team members have international certificates in the field of cyber security.
Going above and beyond
We solve problems rather than work for a paycheck. Our team solves the maximum number of problems possible, not the required bare minimum
Customer-driven approach
Singleton Security's range of services satisfies a wide spectrum of CyberSec demands. We offer unconventional approaches to solving any non-trivial, complex, or localized task.
Consultation support
We provide comprehensive service support before a project, during the project and after it is accomplished. We also train our customers in different CyberSec aspects
Work according to international standards
We base our work on best practices and WASC, NIST, and OWASP regulations to guarantee compliance with cutting-edge industry standards
Singleton Security – a team of leading CyberSec expert practitioners
15+ years of experience leading teams of auditors and penetration testers
200+ successful diverse projects in information system and process auditing, comprehensive auditing, incident and fraud investigation, risk management, and internal control.
Specialization: web application and mobile cross-platform application development.
Technological stack: Flutter, Golang, Python, Ruby on Rails
Yaroslav Makarov
Application security analysis team specialist
Student at MTUCI, specializing in "Information Security of Telecommunication Systems"
Participant and winner of various information security competitions, including CTF
Naira Nurova
Analyst in the audit department of information security
More than three years of experience as an analyst, technology stack: JS, GS, Python
Participant in CTF competitions
Experience in developing web applications: interactive analytical dashboards, tracking systems
Specialization: analysis of attack vectors in web applications, analytics of vulnerability categories, analysis of business risks and identification of recommendations for improving the security level of the systems being studied
Detecting security flaws in web apps, e-commerce platforms, and other software
Detecting vulnerabilities in compliance with international verification standards
Detecting architectural features of applications that affect the security of business processes and operational results
Mobile app security assessment
OWASP MASVS L1/L2/R mobile app assessment
Verification of the use of cryptographic systems
Analysis of the authentication system and session management
Evaluation of the level of security of network interaction and interaction with the operating system
Analysis of code quality and build settings (conducted as a separate "white box analysis" service)
Assessment of resistance to client-side attacks
External penetration testing
port scanning and identification of services using them
identification of software and technologies in use
manual search and analysis of application vulnerabilities based on OWASP ASVS classification
exploiting vulnerabilities
analysis of results, vulnerability classification, and development of recommendations
Secure development
consulting, support, and participation in secure development processes of company software products
assessment and analysis of the current status of company software products
implementation of automated analysis tools
Mapping the adoption of SSDL practices
Red Teaming
Simulating a real APT group attack to evaluate the actual level of preparedness of company IT specialists and the reliability of information security systems
Social engineering testing
Analysis of employee behavior and evaluation of their potential resistance to attacks using social engineering methods:
email phishing campaigns
targeted communication through social networks and messengers
personal calls (phone, Skype)
distribution of media with provoking data
evaluation of physical perimeter bypassing (covert copying of access control system keys)
Local network penetration testing
Checking the maximum number of infrastructure nodes and demonstrating a possible compromise chain of the entire network infrastructure
connection to the selected network segment
analysis of traffic at the data link and network layers
instrumental scanning of internal network resources
searching for vulnerabilities on discovered resources
conducting network attacks, obtaining local and domain accounts, privilege escalation
analysis of results and preparation of recommendations
An extra assessment of the security of wireless Wi-Fi access points:
study of characteristics
obtaining encryption keys
hardware-based Wi-Fi access point attacks
installation of rogue access points
attacks on clients.
Web app source code assessment
source code assessment for possible vulnerabilities and flaws influencing security and/or app efficiency
assessment of the app build security level
Express security assessment of any information systems for vulnerabilities
This service gives the customer a quick, inexpensive demonstration of possible system or app data compromise risks
Load testing
Comprehensive assessment of system performance
Testing results:
determining maximum achievable performance indicators in line with demands for quality of service, response time and so on.
detecting possible service failure risks
Employees' cyber security awareness assessment
assessment of the employees' cyber security awareness level and preparing recommendations on how to improve it
CyberSec training
app security for developers
building secure IT infrastructure and preemptive cyber security
incident response for SOC operators and administrators
developing training programs tailored to your company
Incident investigation
Identification of the source of an attack on a company and investigation of the incident's root causes. During the investigation, the consequences of the attack are eliminated and measures to prevent similar incidents are developed
Benefits of information system audit
Organize effective protection of the inner and outer perimeters
An audit will allow you to analyze how, and with what types of attack, an intruder can penetrate the system. As a result, you will be able to protect yourself from possible threats
Optimize security expenses
Compiling a ranked list of potential security threats to the company will allow you to focus efforts primarily on eliminating critical threats and prevent financial losses
Improve your reputation
Conduct regular audits of your security systems and minimize the risks of new threats. By establishing an effective defense system, you will be able to keep confidential data of the company, clients, and partners safe
Data theft and compromise
Harvesting personal data for unauthorized use
Data leaks
Uncontrolled data leaks beyond the company perimeter
Attacks on Web apps
to gain users' confidential data
Cyber Espionage
Gaining unauthorized, often illegal access to sensitive data for various purposes
Malware
Software that disrupts normal operation of computers and apps