ABOUT US
Our team consist of highly trained professionals with extensive experience in the cybersecurity domains, technology and testing techniques in wide range of industries such as local and global financial services, aviation, manufacturing, telecommunication, power plant, software house, government agencies, e-commerce and others. Most importantly, our team has proven track record in cybersecurity services and we believe that the amount of experience our team has gained will prove to be invaluable to perform cybersecurity assessments.
OUR EXPERTISE
Penetration Testing
Consulting
CyberSecurity Incident Response
PENETRATION TESTING- OUR APPROACH
We perform comprehensive ("OWASP") Top 10, SANS Top 20 Critical Security Controls and other standards to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified. Using a combination of a automated and manual testing approach (using Paros or Burp), the penetration testing team will attempt to identify the following types of common security issues in applications and servers from an anonymou intruder's perspective, and authenticated user perspective (if applicable)
We perform comprehensive ("OWASP") Top 10, SANS Top 20 Critical Security Controls and other standards to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified. Using a combination of a automated and manual testing approach (using Paros or Burp), the penetration testing team will attempt to identify the following types of common security issues in applications and servers from an anonymou intruder's perspective, and authenticated user perspective (if applicable)
PENETRATION TESTING- OVERVIEW
The following are our offering for penetration testing services:-
Application penetration testing
1.Web application
2.Thick client
3.Mobile application Infrastructure penetration testing
1.Internal and external vulnerability assessment and penetration testing
2.Wireless assessment
3.Social Engineering
The following are our offering for penetration testing services:-
Application penetration testing
1.Web application
2.Thick client
3.Mobile application Infrastructure penetration testing
1.Internal and external vulnerability assessment and penetration testing
2.Wireless assessment
3.Social Engineering
PENETRATION TESTING- OUR APPROACH
We perform comprehensive penetration testing by referencing to leading standards such as Open Web Application Security Project ("OWASP") Top 10, SANS Top 20 Critical Security Controls and other standards to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified.Using Using a combination of a automated and manual testing approach (using Paros or Burp),the penetration testing teamwill attempt to identify the following types of common security issues in applications and servers from an anonymou intruder's perspective, and authenticated user perspective (if applicable)
We perform comprehensive penetration testing by referencing to leading standards such as Open Web Application Security Project ("OWASP") Top 10, SANS Top 20 Critical Security Controls and other standards to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified.Using Using a combination of a automated and manual testing approach (using Paros or Burp),the penetration testing teamwill attempt to identify the following types of common security issues in applications and servers from an anonymou intruder's perspective, and authenticated user perspective (if applicable)
PENETRATION TESTING - INFRASTRUCTURE
Infrastructure penetration tests will be performed on the servers to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified. Using a combination of a state-of-the-art commercial scanning tool (Nessus and Nexpose) and manual testing approach (Metasploit), the penetration testing team will follow the methodology listed below throughout the course of the engagement:
Infrastructure penetration tests will be performed on the servers to identify security vulnerabilities in the system and to propose recommendations to address the vulnerabilities identified. Using a combination of a state-of-the-art commercial scanning tool (Nessus and Nexpose) and manual testing approach (Metasploit), the penetration testing team will follow the methodology listed below throughout the course of the engagement:
| Information Gathering | Host Discovery | Port Scanning | Os Fingerprinting |
| Vulnerability Identification | Services Fingerprinting | Vulnerability Assessment and Identification | |
| Exploitation | Exploit Selection | Vulnerability Exploitation | |
PENETRATION TESTING- OUR APPROACH
Our approach has been customized according to the unique requirements of clients and we believe that with this approach we can effectively identify any potential gaps present within clients application and network environment. Our methodology is encapsulated in the schematic diagram below:
Our approach has been customized according to the unique requirements of clients and we believe that with this approach we can effectively identify any potential gaps present within clients application and network environment. Our methodology is encapsulated in the schematic diagram below:
PENETRATION TESTING - WEB APPLICATION
For the application penetration testing, we will perform application testing using an anonymous user as well as a legitimate user. 1. For the anonymous user, the aim of the application penetration test is to determine whether the application's authentication mechanism can be bypassed and whether the application is susceptible to attacks from an intruder. 2. For the legitimate user (normal agent user), the aim of the application penetration test is to determine whether a malicious internal user is able to bypass controls and escalate privileges to perform rogue activities that could have gone undetected. The application penetration test methodology consists of the following key steps:
TEKAD MAJU SOLUTIONS 2018 (No.854895W)