Berezha Security Group (BSG)

Application Security & Penetration Testing

5.0 3 Reviews
Visit website
Write a Review
Claimed Profile

Berezha Security Group is a cybersecurity consulting firm specializing in all aspects of application security, infrastructure and social engineering penetration testing, cybersecurity consulting, and professional training.

Since its founding in 2014, Berezha has delivered over 120 projects for more than 80 clients worldwide. We have customers in all major business sectors, including IT services, software products, banking, fintech, retail, healthcare, media, gaming, consulting services, legal and advisory, and more.

Certifications

ISO 9001:2015
ISO 27001
$50 - $99/hr
10 - 49
2014
Locations
Ukraine
6 Nimanska St., 41, Kyiv, kyiv 01103
+380 (44) 364 7336

Focus Areas

Service Focus

70%
30%
  • IT Services
  • Testing Services

Client Focus

70%
5%
25%
  • Small Business
  • Large Business
  • Medium Business

Industry Focus

25%
10%
10%
7%
48%
  • Information Technology
  • Financial & Payments
  • Banking

Berezha Security Group (BSG) Executive Interview

Vlad Styran
Vlad Styran
Co-Founder & CEO
Visit Profile
Please introduce your company and give a brief about your role within the organization.
Berezha Security Group is a cybersecurity firm focused on application security, penetration testing, information security consulting, and professional training. Since our founding in 2014, we completed over 200 projects for over 100 clients. We have finished 2021 with a 20% growth in revenue, staff, and projects pipeline.
I am a co-founder and act as CEO since May 2021. At BSG I am responsible for our growth and customer success.
What is the story behind starting this company?
BSG started up in 2014 as a cyber security testing company with the goal to become one of the best cyber security firms. Now we provide top-quality cyber security consulting services to clients in all major verticals. However, due to our strong positions in application security and penetration testing, over 70% of our clients are IT Product startups and IT Services firms, mainly focused on software engineering.
What are your company’s business model–in house team or third party vendors/ outsourcing?
We are mainly a cyber security consulting practice, with a focus on software security and everything around it. We source our projects by permanent staff, with 2-3 exceptions per year, when the nature of the engagement requires external expertise, such as a deep understanding of AI, formal approach to cryptographic review, experience with certain hardware, etc.
How does your company differentiate itself from the competition?
We provide premium services for affordable rates because of our unique approach to cybersecurity assessments. We eliminate dull routines from our job using our own in-house developed collaboration platform. We call it DARTS: Dynamic Application Red-Teaming Solution, and it solves two of the worst productivity issues in this profession. First, our consultants and pentesters do not waste their time writing reports. Second, our customers can have interactive online access to project progress and deliverables.
Please share some of the services that you offer for which clients approach you the most for?
Application Security assessments    76%.
Penetration Testing services        10%.
Cybersecurity consulting        9%.
Professional training            5%.
What is your customer satisfaction rate according to you? What steps do you take to cater to your customer’s needs and requirements?
We have a 5/5 stars rating as well as maintain our references and a similar rating on GoodFirms. Our exit interviews demonstrate similar figures.
What kind of support system do you offer to your clients for catering to their queries and issues?
We have a dedicated PMO that manages all customer communications throughout a project. We also onboard our permanent clients to our pentesting platform, where we can collaborate on our findings much more quickly and reliably than via document exchange. It is called DARTS, and it is basically Google Docs + Jira for hackers and defenders.
What kind of payment structure do you follow to bill your clients? Is it Pay per Feature, Fixed Cost, Pay per Milestone (could be in phases, months, versions etc.)
Our projects are mainly Fixed Costs, with a 50/50 split in advance and post-payment. In a few permanent engagements where bill monthly.
Do you take in projects which meet your basic budget requirement? If yes, what is the minimum requirement? If no, on what minimum budget you have worked for?
We do not have minimum requirements, but we expect work to take at least a week, so there is a natural lower limit to our price tag. It is about 2500 USD.
What is the price range (min and max) of the projects that you catered to in 2020?
Our averages in 2020 and 2021 were 7600 and 7300 USD respectively. Min and max were about 2500 and 50000 each year, based on the size and complexity of the project scope.
Where do you see your company in the next 10 years?
10 years is way beyond our planning horizon: 10 years ago we did not exist. In 5 years we are aiming to become a team of at least 50 consultants with an overall staff of about 75 people. We are planning to increase our marketing effort and increase our InfoSec and cybersecurity consulting capacity. We also hope to scale up our DARTS platform and make it a software product others could benefit from as we do now.

Berezha Security Group (BSG) Clients & Portfolios

Web Application Security Assessment for a SaaS Product
View Portfolio
Web Application Security Assessment for a SaaS Product
  • Web Application Security Assessment for a SaaS Product screenshot 1
$0 to $10000
3 weeks
Productivity

INDUSTRY

Software Product Development, SaaS Provider.

CLIENT

A US-based cloud-based e-signature solution. A SaaS document signing platform with over 45,000 customers and over 6 million users.

TEAM

BSG provided the following team composition for this project: 

  • Application Security Consultant,
  • Application Security Analyst
  • Application Security Lead
  • Project Manager

The team members had relevant Application Security experience and possessed professional certifications: CISSP, OSCP, and eWPTX.

DURATION

Three weeks.

BUDGET

$5,000 - $7,500

PROJECT CHALLENGES

The solution has a web application component; native mobile apps for iOS and Android; integrations with Salesforce, SharePoint, Office365, etc.; and public and private cloud deployment options with the unified underlying API.

Their main objective was meeting security and compliance requirements for the SaaS product and the cloud infrastructure.

As the solution stored and processed mainly sensitive data, it faced data exposure risks or software security vulnerabilities. 

SOLUTION

BSG recommended the client make the following systemic improvements:

  • Conduct regular Application Security assessments
  • Conduct an Application Security Awareness training for the development team
  • Implement crucial Application Security practices in the software development processes.

After the client has fixed all discovered issues, BSG performed a re-test of all initial findings free of charge and updated the report with retest results.

RESULT

BSG has delivered a comprehensive report describing all discovered vulnerabilities and providing actionable recommendations on fixing them. During the next two months, the client has remediated all reported issues, and BSG has conducted a re-test.

The Application Security assessment helped the client achieve compliance to external requirements, improve the product’s security level, remove potentially harmful security weaknesses, and avoid future data breaches.

Berezha Security Group (BSG) Reviews

5.0 3 Reviews
  • All Services
  • IT Services
  • Testing Services
  • Relevance
  • Most Recent
  • Rating: high to low
  • Rating: low to high
Write a Review
Dmytro Vdovychynskyi

Security assessment

Rating Breakdown

  • Quality
  • Schedule & Timing
  • Communication
  • Overall Rating

Project Detail

$10001 to $50000

Review Summary

It's been a second time when we decide to make an application and infrastructure Security Assessment together with BSG and I've been pleased to work with them. They are result-oriented professionals, committed, and on time.

What service was provided as part of the project?

Testing Services, IT Services

Vitalii Savisko

Network and social engineering

Rating Breakdown

  • Quality
  • Schedule & Timing
  • Communication
  • Overall Rating

Review Summary

This year Berezha Security helped us to perform Network and social engineering penetration testing and additionally application pen. testing.
We appreciate professional communications, cybersecurity, and engineering skills, along with their efforts within these projects. Detailed reports contain easy to understand thread model, evidence, and all the necessary recommendations about how to fix findings. They also provide free re-test in 60 days.

What service was provided as part of the project?

IT Services, Engineering Services

Xattab X

Penetration testing project

Rating Breakdown

  • Quality
  • Schedule & Timing
  • Communication
  • Overall Rating

Review Summary

Magnificent - professional work & team.
An excellent approach to the project.
Good communication with the project development team. Quick understanding of the essence of the application and its potential vulnerabilities.
An excellent approach for conducting threat modeling for an application in conjunction with the development team.
An informative report as well as real recommendations for mitigation the vulnerabilities found.
I recommend this company to any business looking for cybersecurity consulting.

What service was provided as part of the project?

IT Services

Resources

2020 BSG Security Vulnerabilities  and Business Outcomes Report
View eBook