Vulnerability Assessment & Penetration Testing

Contego Solutions' approach is based on global security best practices including NIST, SANS, PCI DSS and ISO 27001/2. Our Security Consultants will assess Technology, People and Processes for security vulnerabilities.

Our goal is to identify weaknesses in the network from both external and internal points of view, and to provide suggestions on how to mitigate potential problems. Our security vulnerability testing service can answer the following questions:

  • Could a hacker access your network or your corporate critical information?
  • Is your corporate network vulnerable to an attack or compromise?
  • Are your internet facing systems protected from attacks?
  • Could your wireless network provide a backdoor to your systems?
  • Could an attacker steal financial and critical information from your servers?
  • Are all your applications secured from inside and outside access?
  • Are your security staff aware?

The methodology for VA/PT testing is based on established standards and can be summarized as follows:


External black-box vulnerability assessment

Exercise in which the vendor tries to circumvent the technical security controls of the application and its supporting components with minimal initial knowledge (only the targeted IPs or URLs are provided as a starting point). The attacks are expected to involve both automated scans and manual testing. The exercise is defined as external, which means that the vendor shall perform the test from workstations not directly connected to the customer corporate network.

Internal gray-box vulnerability assessment

Exercise in which the vendor tries to circumvent the security controls of the application and its supporting components using credentials that provide authenticated access to the tested system. The attacks are expected to involve both automated scans and manual testing. The exercise is defined as internal, which means that the vendor shall perform the tests from workstations connected to the customer corporate network.

Please contact us to evaluate your requirements and offerings…

Website Monitoring & Defacement

Websites today are increasingly complex and rely on many critical parts that can be vulnerable to multiple hacking vectors. When such an incident happens, it not only destroys your online viewership but also exposes your clients and site visitors to malware, phishing and inappropriate content.

Consider the fact that more than 6,600 websites are getting hacked every single day. These legitimate websites are turned into distributors of malware by malicious hackers.

The NOC is based in Dubai, UAE, active 24x7x365, and staffed with qualified engineers equipped with the latest innovative tools to do its job.


Operating 24 hours a day, 7 days a week, the NOC is designed to monitor, identify and solve any kind of system or user issues. The NOC is fully equipped with sophisticated network management, monitoring, analysis and cybersecurity tools. It is available to all Managed clients, and its trained staff answer all their calls, questions and inquiries.

All problems are tracked in an online Trouble Ticketing System. The customer will be assigned a Trouble Ticket Number to ensure proper follow-up. The NOC monitors all servers, backbones and network devices. It looks at error, security and operations logs to get alerted to any impending issues. The NOC’s continuous monitoring services enable its engineers to identify potential issues so that they can address them before there is a problem.

The NOC ensures the continuous and efficient operation of servers and services while providing high quality support for our clients. The NOC staff troubleshoot all network and systems related problems and any user related issues. They are available 24x7x365 to address any issue that may arise.

Please contact us to assess your website now…

Source Code Review

We have a subscription-based Static Application Security Testing (SAST) solution, directly inspecting source code for vulnerabilities.

We directly assess source code and give developers accurate vulnerability data, enabling them to assess and fix code continuously throughout the software development lifecycle (SDLC). This includes verification of all vulnerabilities by our Research Center.

We have designed a solution from the ground up to address the unique characteristics of SAST. Source code assessment permits the discovery of vulnerabilities that are harder to detect in production, and by doing assessments in the development phase, vulnerabilities may be remediated earlier.


Preservation of Intellectual Property: No need for source code, the foundation of any business, to leave the premises.

As a SaaS-based service, it enables continuous update of attack vectors via Rule Packs that identify and verify vulnerabilities – this ensures that developers stay up-to-date on the latest attacks.

Easy to set up and use: No need for in-house training or security expertise.

Vulnerabilities Assessed by our experts

Delivered through a SaaS model, Contego identifies and custom tests each Web application to identify the most common vulnerabilities such as those in the OWASP Top 10 and WASC Threat Classification, including SQL injection and cross-site scripting (XSS).

Contact us for more details…