Hacking Test

IS YOUR WEBSITE SECURE FROM HACKER'S?

Do A Hacking Test To Verify It

0
%
Cyber Attack Is Caused By Hacking
0
Websites Hacked Daily
0
%
Websites Are Easy To Hack

The Risks If Your Site Is Hacked:

  • Lost Of Critical Information

    Includes Personal Data, Company Information, Email and Databases.
  • Financial Lost

    Stolen Of Confidential Financial Data’s and Sensitive Credit Cards Details.
  • Server Or Network Downtime

    Risk Of Unauthorized Access To System. Causing Manipulated System Infrastructure.
  • Brand Damage

    Lost Of Customer’s Confidence. Lost Of New Potential Customer’s.

An Early Assessment (Hacking Test) Can Prevent Websites From Being Hacked

Prevention Is Better Than Damage Control/Rectification Works Caused By Hacked Websites


WE PROVIDE HACKING TEST SERVICES

100% SAFE & SECURE

No login or password required. No confidential data is collected.

BOOST SECURITY

Increase the security of website & network from being hacked

CERTIFIED TESTERS

All tests is simulated manually. Provides accurate results.

REMOTE TESTING

Testing is done via online. All test requires only IP address.

SCREEN CAPTURE

Vulnerable issues will be screen captured. Evidence based reporting.

FRIENDLY REPORT

Reporting of issues is simplified for easy understanding. Simple as 1 2 3.

PDF REPORTING

Report in PDF format. Downloadable. Read anywhere by any device.

CUSTOMER SUPPORT

Email support. Dedicated & professional service team.

OUR PLANS & PRICING

All Plans Is Suitable For Personal Website, Company Website, E-commerce Website, Portals & Government Websites
No hidden cost. No additional cost.

WE OFFER TWO TYPES OF TESTING:

Network Penetration Testing: Test the security of a website (with an online / without an online business presence) such as website, SMTP mail server, staff remote VPN access, Extranet portal etc.

Web Application Penetration Testing: Test the security of a website (with an online / without an online business presence) for commonly abused vulnerabilities, such as SQL injection, XSS cross-site scripting, authentication bypass, information disclosure issues etc.

PACKAGE 1

Network Penetration Testing
USD 2,990 PER TEST

One Website with 1-100 pages
For up to 3 IP address only
One Time Test
14-30 Days Testing
Internal or External Penetration Testing
Including Subdomain Testing
Vulnerability Assessment
Advanced Manual Exploitation
Testing Behind Authentication
OSSTMM Methodology
Comprehensive report with Proof of Concept (POC)
Post Penetration Testing Consultation
Email Support for Vulnerabilities Fixing
Identified Vulnerabilities Retest
PDF reports

PACKAGE 2

Web Application Penetration Testing
USD 2,990 PER TEST

Web Application up to 100 pages
For up to 3 IP address only
One Time Test
14-30 Days Testing
Host & Database Security Assessment
Vulnerability Assessment
Advanced Manual Testing
Testing Beyond WAF/IPS
OWASP Top 10 Testing
WASC 26 Classes Testing
Comprehensive report with Proof of Concept (POC)
Post Penetration Testing Consultation
Email Support for Vulnerabilities Fixing
Identified Vulnerabilities Retest
PDF reports

PACKAGE 3

(Package 1 + Package 2)
USD 5,590 PER TEST

Website & Web Application up to 200 pages
For up to 6 IP address only
One Time Test
14-60 Days Testing
Internal or External Penetration Testing
Including Subdomain Testing
Vulnerability Assessment
Advanced Manual Exploitation
Testing Behind Authentication
OSSTMM Methodology
Host & Database Security Assessment
Testing Beyond WAF/IPS
OWASP Top 10 Testing
WASC 26 Classes Testing
Comprehensive report with Proof of Concept (POC)
Post Penetration Testing Consultation
Email Support for Vulnerabilities Fixing
Identified Vulnerabilities Retest
PDF reports

We use 128 bit SSL secure encryption. All transaction is safe & secure.
Pay securely via PayPal. Pay with a credit card / debit card. No Paypal account required.

THE PROCESS FLOW

Step 1 – Step 2 – Step 3

STEP 1

Day 1
  • Customer purchase suitable plan
  • PayPal sends email to customer on payment status
  • After payment is cleared, we send an email for several info required e.g. Hacking Test scheduling, domain name, IP address etc
  • Customer confirms back by emailing the info required and confirming on test schedule

STEP 2

Day 2 - Day 13
  • Our security engineer will configure our internal settings for the testing works
  • Duration of the test depends on type of package purchased
  • A permission email is sent before we perform the Hacking Test for verification
  • We carry out the Hacking Test once customer acknowledged our email

STEP 3

Day 14 - Day 60
  • Hacking Test completed
  • Day of the test completed dependable on type of package purchased
  • We send an email notification to update status
  • Detailed PDF report will be provided to customer for download
  • Advisable that any reported vulnerabilities to be looked into immediately

ADDITIONAL INFORMATION

What Client Must Provide

Please provide us the following:

  • Hacking Test/Penetration Testing approval by website/company stakeholders
  • Contact details of key personnel (e.g. name, department, role, email address, mobile number, office number )
  • IP address
  • Previous Hacking Test/Penetration Testing/Vulnerabilities reports (if any)
  • Prohibited test (if any, e.g. Denial of Service test etc)
  • Others (requested later in other stages of test)

Testing Works Duration

PACKAGE 1, Network Penetration Testing : 14-30 days
PACKAGE 2, Web Application Penetration Testing : 14-30 days
PACKAGE 3, Package 1 + Package 2 : 14-60 days

 

  • Duration is estimate only based on standard testing works.
  • Duration can be longer if client do not/late provide the required information (e.g. Hacking Test/Penetration Testing approval by website/company stakeholders, Contact details of key personnel, IP address etc. Please refer section ‘What Client Must Provide’ above).
  • We are not responsible for late testing works due to clients late response in providing the required mentioned requirements.

Language

All original report will be in English language. For translation, additional fee will be charged accordingly.

Terms & Condition

GENERAL

  1. Where not specified, pricing is exclusive of VAT /GST. All prices are GST exclusive and are in United States Dollars (USD). The Goods and Services Tax (GST) of 6% will be applied to the total price where the Client is a Malaysia resident, corporation or otherwise Malaysia entity where GST applies. Non-Malaysia entities are GST exempt however the currency remains USD.  
  2. Acknowledgment and acceptance of this proposal is made by you placing an order within the specified period above, at which time you will be bound by these terms and conditions. Each proposal accepted shall constitute an individual legally binding contract between you and us. Such contract is hereinafter referred to in these terms and conditions as “an order”.
  3. Penetration Testing may constitute an Offence under Malaysian law, International law and local jurisdictions. A signed legal contact is required prior to commencement of the Penetration Test, which will be requested once an application and payment is successfully processed and authority to request such a test has been verified.
  4. RM Computer Security Sdn Bhd reserves the right to refuse to provide the Service for any reason, including but not limited to; where the Client application appears to be fraudulent, technical resources are not available, or for any other reason. In such an event the payment will be refunded.
  5. Any intellectual property developed by RM Computer Security Sdn Bhd during the Service vests in RM Computer Security Sdn Bhd, and the Client is granted a non-exclusive, perpetual license.
  6. No addition, alteration, substitution or waiver of these terms and conditions will be valid unless expressly accepted in writing, by us or a person authorized to sign on our behalf.
  7. Nothing in these terms and conditions and proposal shall prejudice any condition or warranty expressed or implied, or any legal remedy to which we may be entitled in relation to the goods / and or the work that is subject of this order.
  8. If after our initial assessment any further work is necessary and this causes an increase in costs we will send you a further proposal giving details of the extra costs and will only proceed with the works once your written acceptance has been received.
  9. You will permit us during normal working hours to carry out services defined in the proposal and thereafter to undertake the services according to the program set out in the proposal.
  10. You will obtain all permissions and consents, which are required before any security testing services can commence.
  11. You acknowledge that prior to commencement of the services, key staff, third parties, security testing authorization form and other scoping information must be made available.
  12. No guarantee of availability can be made until payment, a valid purchase order and signed agreement is received.
  13. Hacking Testing (a.k.a. Penetration Testing) will be scheduled and delivered in the date specified within the proposal.  Penetration tests are non-refundable, non-transferable and will be carried out in accordance with the proposal.
  14. Upon payment and application being successfully received, and legal Contract signed, we will endeavour to provide the Service and Report works within the stipulated proposed time frame (within 24 hours; same or next business day until the 30th days – depending on type of test to be conducted).
  15. Upon completion of the Hacking Tes t/ Penetration Test / Vulnerability Audit / Web Application Security Test (Service), a Report document will be issued to the Client in the form of an encrypted PDF document (or other file format as agreed) via e-Mail.
  16. A bound, hard copy of the Report may be requested by the Client. This service will attract an additional fee depending on the number of hardcopies requested and courier / postage costs (estimated to be between USD100 and USD200).
  17. We reserve the right to claim statutory interest at 8% above the Bank Negara Malaysia base rate for late payment in accordance with the Financial Services Act 2013.
  18. We will not be liable for any consequential loss or damage caused directly or indirectly by any defect or otherwise howsoever caused.
  19. RM Computer Security Sdn Bhd liability is limited to the sum of Fees paid by the Client.
  20. If any part of these terms and conditions are found to be unlawful, it shall not affect the validity or enforceability of the remaining clauses. These terms and conditions shall be construed in accordance with the laws of Malaysia and shall be subject to the exclusive jurisdiction of the Malaysia courts.
  21. We reserve the right to alter these terms and conditions, or modify (or cease) to provide the Service without notice (however we will make a reasonable attempt to notify you where possible). In such an event where the Service is no longer suitable to the Client, we will provide the Service under the terms and conditions at the time the Contract was entered into, provide a refund, or negotiate an alternative solution.

TEST AUTHORIZATION

  1. Upon acceptance of our proposal, you hereby give RM Computer Security Sdn Bhd employees and contractors permission to access computer systems and/or networks as specified by you, and as understood under the terms of the Malaysian Computer Crimes Act 1997 and any local applicable laws. This permission includes the right to full access to these devices, including introduction and deletion of code and/or data. You confirm that any other relevant third parties have been informed and that such third parties have given permission for RM Computer Security Sdn Bhd to access aforementioned systems.
  2. Immediately and upon request, you agree to provide unrestricted access and open up all necessary firewall rules, or provide remote access credentials to enable the testing of any restricted systems in scope, and to disable IPS/IDS rules that could affect our source IP addresses.
  3. You confirm the above scope is accurate for the purposes of any NHS IG Toolkit, ISO 27001, PCI DSS or Compliance testing, and any systems omitted from scope, for whatever reason, will be subject to a separate proposal and costs.
  4. You acknowledge that if systems are not available to test between the above start/end testing dates, testing may need to be rescheduled, subject to a further proposal and costs.
  5. You agree that all third parties involved with the management and support of the above assets will be informed and will fully co-operate with any test requirements.
  6. You agree to test any application test harnesses, remote access systems, user accounts and test credit cards (end-to-end), prior to handover to RM Computer Security Sdn Bhd, where these are prerequisite to the tests taking place.
  7. If any authenticated testing is required (for example, testing from the perspective of a user logged into a web application), then appropriate credentials must be supplied to RM Computer Security Sdn Bhd prior to test commencing. Any non-working test systems/accounts may result in test reschedule.
  8. Systems must be available for testing from 08:00 on the start date, through to 18:00 on the finish date. Any time restrictions must be notified to RM Computer Security Sdn Bhd and agreed in writing prior to tests commencing.
  9. You confirm that RM Computer Security Sdn Bhd are authorised to act as a Data Processor for all categories of personal data collected by RM Computer Security Sdn Bhd during the course of this test, without notification to the Information Commissioner under the terms of the Personal Data Protection Act 2010 and any applicable laws.
  10. You acknowledge that no deliberate Denial of Service testing will be performed; however there may be disruption to service whilst tests are carried out.
  11. You acknowledge that in order for RM Computer Security Sdn Bhd to perform these tests, we will undertake checks to ensure you are authorized to conduct testing on the supplied assets.  This involves checking DNS and IP allocation records.  Testing may be delayed should authorization not be readily provable.
  12. The signatory whom agrees to the above confirms he/she has relevant authority to sign on behalf of the company and agrees to the above.

Among Our Clients:

University Putra Malaysia
University Malaya
National University of Malaysia
MR Food Creations
Kementerian Komunikasi dan Multimedia
Islamic Relief Malaysia
GreenFinite (M) Sdn Bhd
Bank Rakyat

What Is A Hacking Test?

A Hacking Test will provide an in-depth assessment of your current website security. An assessment can prevent websites from being hacked; by providing findings & information on security flaws and furthermore proposing safety mitigation. 

Our Hacking Test is an ethical hacking based on standard Penetration Testing methods. Our Hacking Testing methodologies adhere to industry standards such as Open Source Web Application Security Project (OWASP).

All Hacking Tests will be carried out by our skilled, certified and experienced security engineers. Test will be conducted manually & computerized.

Our tests will perform a detailed risk assessment on the vulnerabilities found and provide report based on scoring system CVSS (Common Vulnerability Scoring System).

Frequently Asked Questions

What Is A Hacking Test?

A Hacking Test a.k.a Penetration Testing identifies your websites security weaknesses the same way an attacker would — by hacking it. This enables organizations/personnel’s to better understand and ultimately minimize the risk of their website being hacked. During a Penetration Testing, we perform an assessment on all assets accessible from the Internet. In this way we are evaluating your website security from the perspective of an outsider trying to look in.

Is Hacking Test The Same As Other Penetration Testings?

There are many names mentioned for this type of security service. Several names are Network vulnerability assessment, network audit, network vulnerability scan, network penetration testing. They all actually mean the same thing.

Who Needs A Hacking Test?

Every website needs a Hacking Test. This includes & not limited to personal website, company website, E-commerce website, portals & government websites. A Hacking Test can ensure that a particular website/network is safe from threat of hacker’s.

What Is The Benefit?

By undergoing a hacking test, you will be provided with an in-depth assessment of your current website/network security. An assessment can prevent websites/networks from being hacked; by providing findings & information on security flaws and furthermore proposing safety mitigation. 

Is It Safe?

YES, it is 100% safe and secure. No confidential data will be collected. No login or password required. All test requires only IP address. Our security engineer’s are testing your network from outside your organization/system. All testing will follow the ethical hacking based on standard Penetration Testing methods. Our Hacking Testing methodologies adhere to industry standards such as Open Source Web Application Security Project (OWASP). All hacking tests will be carried out by our skilled, certified and experienced security engineers.

Where Is The Testing Be Hosted?

We are a host-based (on a server) outside your network. We do not perform the test via your network. The service checks your website/network via the Internet – much like a hacker would try to break into your website/network from the outside. This gives you a realistic & accurate analysis of your network vulnerabilities.

How Long Does The Hacking Testing Takes?

It is dependable on the total website pages. For website with 1-15 pages, it take 5-days testing. For website with 1-500 pages, it take 21-days testing.

What Do I Get After The Hacking Test?

Upon completion of the assessment, we shall provide a single electronic report deliverable. The report will provide an analysis of the current state of the assessed security condition. The report will identify areas that need to be resolved in order to achieve an adequate level of security.

What Type Of Testing Do You Do?

Our Network Security Test follows documented security testing methodologies which can include:

  • Blackbox Test
  • Whitebox Test
  • Directory Traversal Web
  • Parameter tampering
  • XSS Testing
  • Path Disclosure
  • Cross Site Request Forgery
  • Injection Flaw
  • Cookie Poising
  • Malicious File Execution
  • Obfuscation Application
  • Authentication Hijacking
  • Broken Session Management
  • Denial Of Service Attacks
  • Port Scanning Attack
  • SQL Injection Attacks
  • Web App/Srv Buffer Overflow
  • Google Hacking
  • Phishing Attacks
  • Network Services Attack
  • Identity Spoofing Attacks
  • Router Based Botnet Attacks
  • Firewall/IDS/IPS Attacks
  • OS Attacks & Web Server
  • Patient Data Disclosure
  • RCE Attacks
  • LFI/RFI Attacks
  • Nessus Pro Scanner
  • Metasploit Pro Scanner
  • Vuln Disco Pack Scanner
  • Agora Pack Scanner
  • Acunetix Wep Vuln Scanner
  • Immunity Canvas Framework
  • Nmap Scanner
  • Server Security Pack
  • Advanced Vulnerability Scan
  • Internal Network Scanning
  • Port Scanning
  • System Fingerprinting
  • Services Probing
  • Exploit Research
  • Manual Vulnerability Testing and Verification
  • Manual Configuration Weakness Testing and Verification
  • Limited Application Layer Testing
  • Firewall and ACL Testing
  • Administrator Privileges Escalation Testing
  • Password Strength Testing
  • Network Equipment Security Controls Testing
  • Database Security Controls Testing
  • Internal Network Scan for Known Trojans
  • Third-Party/Vendor Security Configuration Testing

How Frequent To Do The Hacking Test?

We recommend for a monthly test or every 3 month interval. As new security issues and flaws with different products are made public on a daily basis; it is important to carry out regular checks in order to maintain a secure website/network.  We check for holes in your Internet infrastructure; and the ideal way to stay secure on the Internet is to stay ahead of hackers, at all times.

Why Assign A Third Party To Do Hacking Test?

We provide an outsiders view on how easy/difficult it is to compromise your website/network. Having an audit report from a third party outlining all confirmed security vulnerabilities on the website/network provides invaluable information. The service is quick. You will have the advantage of continually knowing how secure your website/network is; and what you can do to improve it.

We Have A Firewall Installed. Do We Still Need This Test?

YES. Hacking Test a.k.a network penetration testing is important if you have a Firewall; as it forms a part of your assessment of your Firewalls reliability. Performing a network scan or penetration test when you have a firewall will test the settings on your Firewall. It is important to test your Firewall each time you have made upgrades or changes to the settings; to ensure it is protecting your network perfectly.

Will Firewalls Interfere With The Test?

Firewalls are an essential part of a network security. We assess firewall’s effectiveness in addition to applications and protocols such as web, FTP, and e-mail that are frequently accessible through firewalls. The test also looks for holes in the firewall where usually a mis-configured firewalls poses security threats.

Can I Test Any IP Address?

YES. We can test any and as many IP addresses as you want; provided that they belong to you. We will not test any third party IP address.

How Many Types Of Vulnerabilities Can Be Detected?

We do scanning and audits on all types of networks. Currently, we can check for up to 1,000 different vulnerabilities.

What Happens After Vulnerabilities Is Detected?

We provide a detailed report on each vulnerability which includes the vulnerable host(s), operating system weaknesses, level of security risk of the vulnerability, description of the vulnerability and recommendations for correcting the problems.

Do You Fix Vulnerabilities Found During The Test?

No. We highlight the weaknesses and recommend solutions. It is not advisable to perform automatic fixes, even if it was possible; since this could cause a variety of concerns. However, we can offer advice about security risks should this be necessary. It is your responsibility to follow with the recommendations to secure your website/network.

What Website Have You Done Hacking Test Before?

We have done various Hacking Test/Penetration Test. Our clients includes banking institution, companies and individuals websites. We do not mention our client’s name due to certain privacy policy and non-disclosure agreement.

STILL UNSURE? Contact us for a FREE consultation

Email to us at admin@rmcomputersecurity.com or click the button to contact us via our online form