We are reliable, trustworthy, and ready for challenges! Hire Us
About Us
- Home
- About Us
// what we offer
Information systems
Information systems
security audit
Detection of security vulnerabilities using penetration testing
Cybersecurity is our forte. The list of our clients and partners includes business and non-governmental organisations, and military organisations from all over Europe. We offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.
Our services include comprehensive security audits and analysis of potential threats. We focus on detecting vulnerabilities in security systems, verifying the reliability of procedures and the effectiveness of your system and hardware security. We can also carry out a security analysis of your source code to detect vulnerabilities that hackers can take advantage of. This allows us to accurately determine the actual vulnerability of your system to potential attacks.
Penetration testing is the most important tool in our kit. The goal of our penetration tests is to break through your security systems using the same methods a determined criminal would use to achieve the same goal. Our penetration testers have an excellent understanding of intrusion techniques and security system design. Their efforts are summed up in a report with recommendations of improvements that will boost your security posture and minimise the risk of data theft or loss.
// our services
We Offer a Wide
We Offer a Wide
Variety of IT Services
Web Application Security Testing
We test your web applications to detect issues that could lead unauthorised third parties to take control of them. Our methodology allows us to identify vulnerabilities from OWASP TOP 10 list – the Top Ten Web Application Security Risks. With that, you can make sure that your applications meet international security standards.
Cybersecurity Research
Cybersecurity research is a connection between science and business. It is an answer to difficult-to-address challenges in the cybersecurity industry. A team of cybersecurity experts and leaders identify potential solutions to your problem, recommend different approaches, and implement the best solution for you. The outcome of the research can be in a format of a paper, report, or tool with conclusions and recommendations.
Network Penetration Testing
We test the security of your network to check its resilience against unauthorised access attempts. In the first stage, we use scanning and attempt to bypass security using specialised tools. To that end, we use exploits that use various software vulnerabilities and configuration errors. Thanks to these, we can identify vulnerabilities and issues in your network that can potentially be used by criminals.
Vulnerability Assessment
A vulnerability is a gaping hole in the system, overlooked by the developers, which is like an open gate for the criminals. This might result in a hostile takeover of the vulnerable system, which can lead to downtime or worse – destruction or exfiltration of data. Our automated vulnerability analysis helps you avoid such threats.
Red Teaming
Red Teaming is a simulation of a massive, collaborative attack on information systems. A team of specialised consultants identifies the target, then obtains the relevant data and tries to breach the security of the whole company. These activities can use both IT and social engineering measures – testing both software solutions and threat awareness among users.
Mobile Penetration Testing
Our mobile application security tests check whether users of your mobile application or outsiders can cause harm to the company or other users. There are a number of things we focus on, including data storage and authentication procedures, which are often used by criminals for identity theft and hacking. We find vulnerabilities in mobile application security and provide recommendations on patching them out.
Source Code Review
We carry out reviews of source code of your systems and applications to check for issues and vulnerabilities. We can then help you fix them and improve the next releases. Only regular audits guarantee the proper security of company and customer data in industry, e-commerce, banking, healthcare, insurance and public administration sectors.

// Experience. Execution. Excellence.
What We Actually Do
We'll find vulnerabilities in your web apps before criminals do!
We are experts in the field of cybersecurity. Every day, we keep looking for issues in applications, systems and data communication networks using black box, white box and grey box penetration testing methodologies. We offer meticulous source code analyses. We assess the security of your devices, servers and endpoints, checking their resilience against external and internal threats. We identify real threats and advise you on how to implement effective safeguards.
We find vulnerabilities in your software written using a variety of programming languages, frameworks and runtime environments, including PHP, Python, C#, Java, NodeJS, CakePHP, Symfony, Spring and .NET MVC. We have identified hundreds of vulnerabilities and helped implementing patches and safeguards that have protected our Clients from XSS, SQL injection, code injection, XSRF and many other attacks.
Let us find vulnerabilities in your IT system before cybercriminals do!
// Vulnerabilities
Identified vulnerabilities
Here are example vulnerabilities we discovered along with assigned severity.
Command Injection vulnerability in MISP
SQL injection in Imagicle Application Suite
Directory Path Traversal in KNIME
Stored XSS in MISP
// latest case studies
Securing our clients
Check out what we do, learn more about our ways of working and the results we achieve. Take a look at case studies from our latest audits.

Dawid Czarnecki
CEO, Cybersecurity Expert
- Experience: 11 Years
- Email: dawid.czarnecki@zigrin.com
Biography
Dawid Czarnecki started his career by developing a wide variety of web applications. As a web developer, he learned the ins and outs of application development and the common mistakes developers make that affect their applications’ security. In the following years, he focused on developing secure applications, all while learning the techniques used by cybercriminals and the methodologies of breaking through various security systems – all of this led him to become a professional pentester. He decided to devote his career to finding software vulnerabilities and ways to fix them.
The expertise of Dawid Czarnecki is best shown by the fact that he had worked as an senior penetration tester at NATO Cyber Security Centre, where he was tasked with penetration testing of applications, systems and network infrastructure in NATO member states. His exceptional skills are confirmed by a number of renowned industry certifications, including the Offensive Security Certified Professional (OSCP, also known as the ethical hacking certification), GIAC Certified Incident Handler (GCIH, a certification of expertise and skills required for responding to hacking attacks, issued by Global Information Assurance Certification), and GIAC Certified Web Application Defender (GWEB, a certification of competence in securing web applications).
Dawid Czarnecki is a member of the GIAC Advisory Board. In 2019, he became the SANS NetWars champion – he placed 3rd in the SANS Core NetWars tournament at the Pen Test Hackfest Summit in Berlin. As an expert, he develops assignments and competency tests for cybersecurity professionals, while participating in Capture the Flag hacking tournaments. This unique set of skills allows him to approach cybersecurity from two perspectives – that of security developers and that of a potential hacker. Thanks to his expertise, Zigrin Security can offer its clients a proper assessment of actual threats to their IT systems and effective countermeasures.
Vision
Hey, my name’s Dawid! I have been helping companies protect their data for 11 years now. In 2017, I founded Zigrin Security. Here, I keep doing what I have always been passionate about, and which has later turned into a mission. I share my knowledge and experience with my Clients to make sure that they can be safe from cyberattacks.
Company’s methodology stems from observations of real-world security systems. I have seen many companies that have carefully developed security policies in place, but still fail to effectively prevent cyberattacks. This is because documentation is not a diagnosis of the actual state of security and does not protect against threats.
Zigrin Security offers something else – we use penetration testing to detect actual vulnerabilities and threats. I want you to be a step ahead of criminals and implement corrective actions before an attack occurs. I believe that it is possible to achieve a level of security that will deter cybercriminals and force them to invest more time and money to launch a successful attack.
Zigrin Security offers you a sense of IT security. We help our Clients stay one step ahead of cybercriminals. We focus on professionalism and consistency. We are goal-oriented. I believe that we will become a significant player in the global cybersecurity market in the near future.