|
Professional
Security Services (PSS)
We are having team
of professionals which can provide various
different professional security services. They
are as follows.
Vulnerability
Assessment - Focus of this service is to
identify potential vulnerabilities residing on
the corporate network. This service gives client
complete risk exposure and countermeasure for
securing their assets.
Internal
Network Assessment - Focus of this service
is to scan internal network by our professionals
and identify loopholes in the internal assets.
These assets can be attacked by internal staff
and can be compromised. In this service we build
consolidated report on all internal assets and
their security.
Attack and
Penetration testing - Focus of this service
is to perform full blown penetration testing
across both external and internal networks. In
this service we identify vulnerabilities and
exploit them as well. We try to determine till
what far we can go with zero knowledge. The
result of this testing can be eye opening for
various corporate.
Component
review - Focus of this service is to review
various different components like Firewall, VPN
devices, Wireless networks, Routers, Virus
scanners, Patch management systems etc. If we
identify any loopholes into these components
then we report back to client. These components
are very critical for overall security posture
of the corporate.
Network
Architecture review - Focus of this service
is to study and review overall network
architecture and try to identify loopholes and
come up with possible threat model.
Application assessment and audit
- This service encompasses
thorough application assessment with zero
knowledge. It starts with application
foot-printing and ends with a list of
vulnerabilities residing in your application
layer. Our report will cover our methodologies,
tools used, findings and remediation strategies.
It helps in securing the application by
following the remediation strategies. Follow up
assessment to verify the security posture will
also be done after the fixes are applied.
Application pen-testing -
The objective is to determine
vulnerability in the application layer and to
follow up with exploits. This gives the actual
threat level and information exposure in your
application layer. Once again this service is
also with zero knowledge.
Application code
review - This service covers complete
application code scanning from security point of
view. The objective is to traverse through the
entire application code base and to identify
loopholes and possible security vulnerabilities.
The report will contain findings along with the
exact location of the issues for guidance to the
developers. The development team can then take
immediate action to rectify the issues. The code
quality will be compared with secure coding best
practices and the issues will be reported on
this basis.
Application
architecture review and threat modeling -
In the early part of the development
lifecycle of an application it is possible to do
a thorough architecture review. It is ideal to
build a threat model at the architecture stage
and use it during the rest of the development
cycle. Such a model can provide guidance on
various security controls that need to be
addressed by developers to secure the
application.
Application deployment assessment -
Application deployment
environment contains web servers, application
servers, databases, middleware etc. This service
encompasses analysis of the deployment
environment and suggests various different
configurations to protect the application
infrastructure.
|
