Cyber Security

Put an end to endless cyberattacks

ABOUT US

Our team consist of highly trained professionals with extensive experience in the cybersecurity domains, technology and testing techniques in wide range of industries such as local and global financial services, aviation, manufacturing, telecommunication, power plant, software house, government agencies, e-commerce and others. Most importantly, our team has proven track record in cybersecurity services and we believe that the amount of experience our team has gained will prove to be invaluable to perform cybersecurity assessments.

OUR EXPERTISE
 Penetration Testing
  
 Consulting
   
 CyberSecurity Incident Response




PENETRATION TESTING- OUR APPROACH

We perform comprehensive ("OWASP") Top 10, SANS Top 20 Critical Security Controls and other standards to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified. Using a combination of a automated and manual testing approach (using Paros or Burp), the penetration testing team will attempt to identify the following types of common security issues in applications and servers from an anonymou intruder's perspective, and authenticated user perspective (if applicable)
PENETRATION TESTING- OVERVIEW

The following are our offering for penetration testing services:-

Application penetration testing

1.Web application
2.Thick client
3.Mobile application Infrastructure penetration testing
1.Internal and external vulnerability assessment and penetration testing
2.Wireless assessment
3.Social Engineering
PENETRATION TESTING- OUR APPROACH

We perform comprehensive penetration testing by referencing to leading standards such as Open Web Application Security Project ("OWASP") Top 10, SANS Top 20 Critical Security Controls and other standards to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified.Using Using a combination of a automated and manual testing approach (using Paros or Burp),the penetration testing teamwill attempt to identify the following types of common security issues in applications and servers from an anonymou intruder's perspective, and authenticated user perspective (if applicable)
PENETRATION TESTING - INFRASTRUCTURE

 Infrastructure penetration tests will be performed on the servers to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified. Using a combination of a state-of-the-art commercial scanning tool (Nessus and Nexpose) and manual testing approach (Metasploit), the penetration testing team will follow the methodology listed below throughout the course of the engagement:

 Information Gathering  Host Discovery  Port Scanning Os Fingerprinting
Vulnerability Identification  Services Fingerprinting Vulnerability Assessment and Identification
Exploitation  Exploit Selection  Vulnerability Exploitation
PENETRATION TESTING- OUR APPROACH

 Our approach has been customized according to the unique requirements of clients and we believe that with this approach we can effectively identify any potential gaps present within clients application and network environment. Our methodology is encapsulated in the schematic diagram below:

PENETRATION TESTING - WEB APPLICATION For the application penetration testing, we will perform application testing using an anonymous user as well as a legitimate user. 1. For the anonymous user, the aim of the application penetration test is to determine whether the application's authentication mechanism can be bypassed and whether the application is susceptible to attacks from an intruder. 2. For the legitimate user (normal agent user), the aim of the application penetration test is to determine whether a malicious internal user is able to bypass controls and escalate privileges to perform rogue activities that could have gone undetected. The application penetration test methodology consists of the following key steps: