Assessment services consists of a review of vulnerabilities that could be exploited by users to access a system. The assessment goal is to determine the existing implemented security controls.



A Vulnerability Assessment is an automatic process aimed at detection, quantification and classification of the vulnerabilities in a system, application or infrastructure. This process is useful to get a snap-shot of how exposed the target assets are to internal or external attacks. The final goal of the Vulnerability Assessment is to identify all of the existing weaknesses/exposures in order to fix, patch or mitigate them to prevent a potential compromise of the vulnerable asset.



The Network Penetration Test is a real-life simulation of an attack against networks, systems, hosts and/or network devices (ie: routers, switches, firewalls, ids/ips) in order to discover and exploit vulnerabilities, to gain access to the target. This process is usually carried out after the Vulnerability Assessment, and it is useful to understand which vulnerabilities can be successfully exploited and what is the impact of a successful exploitation on the target.



The Web Application Penetration Test is a real-life simulation of an attack against a website or more generally a web application. Like for the NPT, the main goal of a Web Application Penetration Test is to detect and exploit known vulnerabilities and/or business logic flaws in a web application in order to understand the impact that a successful exploitation can have on the target.



A Red Team Assessment is a particularly targeted penetration testing exercise, the main objective of this kind of assessment is to test the detection and resilience capabilities of the target organization against attacks. Therefore, the goal of a red team assessment is not to identify the largest number of vulnerabilities as possible, but to take control over the target organization in a stealthy way. For this reason, the scope of a red team assessment includes not only the network infrastructure or applications, but also employees, internal procedures, physical security, domotics and surveillance systems.



Wireless technologies are widely used today in different fields of application, misconfigurations and/or bad implementations can lead to unauthorized access to sensitive information or network. The Wireless Assessment Service proposed by Hacktive Security is a comprehensive assessment of all of the most widespread wireless technologies in use today, including Wi-Fi, Bluetooth, ZigBee RFID and NFC.



Based on our expertise on field, working together with high profile companies and government agencies, our Security Intelligence offer includes services and products to enable customers to collect, aggregate, analyze and correlate information in order to define the best security intelligence strategy both for civilian and military organizations. We also provide technologies for homeland security to Law Enforcement Authorities.



The rising popularity of IoT technologies and the wide diffusion of connected “intelligent” devices have caught the attention of the cybercrime organizations. Our IoT Penetration Testing Service, is a comprehensive assessment of any kind of “smart” device such as, automotive control units, domotics gateways, healthcare devices, smart grids. Our IoT security assessment methodology includes but it is not limited to: threat modelling, reverse engineering and analysis of firmware and proprietary communication protocols, cloud interactions analysis and hardware based exploitation.



Our integrated mobile security assessment service is designed to cover all the security needs connected with the usage of mobile/embedded devices within an organization. Mobile Phone and tablet applications, kiosks or any other kind of mobile devices are typical targets of this kind of assessment. Our expertise and commitment in this field is also confirmed by the disclosure of vulnerabilities affecting several best-seller mobile applications (for more information, visit our blog *LINK*).



The main objective of Digital Forensic Services is to identify and resolve incidents that can negatively impact business or reputation, including Malware Infections, Unauthorized Access, Compromise of Confidential Data, Intellectual Property Theft, Policy Violations, Corporate Espionage, etc. A correct handling of a forensics investigation is a key point of any computer crime. Forensics analysts are required to gather digital evidence using approved legal and technical methodologies. It is mandatory to examine data, extracting key evidence while preserving integrity further they need to be prepared to communicate key information with top management and report evidence in civil or criminal courts. We provided digital forensics services to Companies, Law Enforcement and Law Firms.