The challenge
Only a simulated attack reveals what a motivated adversary would actually extract from your systems. West African financial institutions are prime targets, and most discover their critical flaws during an incident — at the worst possible time.
What we deliver
External and internal penetration tests (network, web and mobile applications)
Targeted social-engineering campaigns with compromise-rate measurement
Configuration review against CIS benchmarks
Executive report + reproducible technical report
Prioritized remediation plan and verification re-test
Our method
Scoping: perimeter, rules of engagement, NDA — nothing without written authorization.
Controlled execution, without disrupting production.
Two-level debrief: management and technical teams.
Re-test after remediation to prove flaws are closed.
Who it's for
Banks, payment institutions, insurers, public administrations and companies handling sensitive data in Senegal and the WAEMU zone.
Frequently asked questions
Can a pentest disrupt our production?
No: rules of engagement exclude destructive actions, sensitive tests run outside critical hours, and an emergency-stop channel is agreed before starting.
What is the difference between a security audit and a penetration test?
An audit assesses the whole posture (organization, configurations, processes); a pentest proves flaws are actually exploitable. They complement each other — we often combine both.
How often should we test?
At least annually and after any major system change; PCI DSS requirements and BCEAO good practices point the same way.
