ACROS d.o.o.

ACROS d.o.o.

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with highest security requirements.

Security ConsultingPenetration TestApplication Security Analysis

ACROS d.o.o.

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with highest security requirements. Our in-depth security research pushes the boundaries of global knowledge, keeps our customers ahead of competitors and users safe from attackers.

We work for financial institutions, software vendors, online service providers, cloud providers, virtualization solutions providers and others who consider security of their products, information and services critical.

Security Research

Our researchers not only find known types of vulnerabilities in our customers' products, but continually push the envelope of global security knowledge by inventing new attack methods, discovering new vulnerability classes and finding ways to exploit various peculiarities that were previously thought unexploitable.

While most of our research is done directly for customers under non-disclosure terms, we occasionally manage to find time for our own research projects that can be published.


The very foundation of our expertise is our ability to quickly find and analyze vulnerabilites in all kinds of products and systems. And we mean all kinds of products and systems: when we're confronted with a never-before-seen target in a penetration test (APT simulation) which looks like a promising path to one of our mission objectives, we need to quickly learn how it works, rapidly analyze it to find its soft spots and exploit some of the discovered vulnerabilities without disrupting customer's operations. In a single engagement, this can occur multiple times and we've thus met and successfully attacked many interesting targets like legacy mainframes, obscure remote access modems, proprietary internal applications, special-purpose devices, rare expensive machines and appliances.

On the other hand, when a customer needs us to find vulnerabilities in a particular product (that they are producing, using or considering buying), we use the available time to find as many and as severe security defects as possible. This is made possible by our internal knowledge base that we've been building and continually updating for over a decade; it contains all vulnerability types, attack methods and security tricks - those publicly known and those found or developed internally by our researchers.

ACROS Application Security Analysis

With this "Vulnerability Extermination" service we find security defects in banking, commerce, business, mobile, virtualization, security and other software that you develop or use before anyone else finds them.

Some of our most demanding customers hire us for finding critical vulnerabilities in products built by security-knowledgeable people, reviewed with best automated tools and analyzed by other experts.

ACROS Penetration Test

In a simulation of a real "Advanced Persistent Threat" attack against your information system, we become your friendly attacker and try to penetrate into the most critical parts of your networks, databases, services and applications in a controlled and managed fashion.

A test like this is the only way to see how well you're really prepared for a targeted attack.

Security Consulting

We help you reach informed security-related decisions in application development, when setting up online services and protecting your IT infrastructure.