Cybersecurity assessment (tests)


Security Assessment:

  • Web Application Penetration Testing

  • Mobile Application Penetration Testing

  • Wi-Fi Penetration Testing

  • Network Penetration Testing

  • Red Teaming Exercise

  • Source Code Review

  • Hardening Review

  • Vulnerability Assessment

  • Information Risk Assessment

  • Application Security Audit

  • Information System Audit & Compliance

  • Threat Modeling

  • SAP Authorization Review & Segregation of Duties (SoD)


Methodology – application VAPT (vulnerability assessment and penetration testing):

Information Gathering → Vulnerability Analysis → Exploitation → Post-Exploitation → Reporting

  • Covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Top 10 2021

  • Two phases:

I. Phase 1: Review the scan results (analyze the findings and remove any false positives)

II. Phase 2: Further exploit the system to discover any new vulnerabilities that Phase 1 did not surface. This phase takes about 80% of the overall assessment effort.


Methodology – network vapt:


Discovery → Enumeration → Vulnerability Mapping → Exploitation → Analysis

  • Identify security weaknesses and vulnerabilities so that unauthorized parties are prevented from accessing, changing or exploiting the systems.

  • Our methodology is designed to emulate real-world attacks by iterating deeper and wider from any initial entry point we obtain.

  • Main tool used is Nessus Pro

  • 1x Main test followed by 2x retest once the vulnerabilities are fixed

Methodology – secure code review:

Planning & Preparation → Code Walkthrough → Vulnerability Identification → Manual Review → Report

  • Our Secure Code Review method covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Code Review Top 9.

  • Open-source tools are used along with manual review for deeper coverage

  • False positives are identified and removed

  • 1x Main test followed by 2x retest once the vulnerabilities are fixed

Methodology – host configuration review:

Assess existing configuration→ Configuration comparison→ Reporting

  • The security hardening review of the systems ascertains that they are hardened in line with approved benchmarks.

  • Reviewed against CIS Benchmarks and/or an internal baseline

  • Tools used: Nessus Professional

  • 1x Main test followed by 2x retest once the vulnerabilities are fixed
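
The configuration comparison step above, as an added example that is not part of the original page: it parses a constructed sshd_config sample, compares it against a constructed baseline written in the shape of a hardening benchmark (illustrative values, not a copy of any CIS benchmark), and reports each deviation, including settings that are simply not set.

```python
"""Configuration comparison step: a parsed sshd_config against an approved baseline."""
import re
# Constructed sample of an sshd_config collected from the host under review.
SAMPLE_SSHD_CONFIG = """\
# OpenSSH server configuration (constructed sample, not from a real host)
PermitRootLogin yes
PasswordAuthentication=yes
X11Forwarding no
MaxAuthTries 6
# sshd honours the FIRST occurrence of a keyword, so this later line has no effect
PermitRootLogin no
"""

# Constructed baseline (keyword -> expected value); illustrative, not a published CIS benchmark.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "ClientAliveInterval": "300",
}

def parse_sshd_config(text):
    """Return lowercased keyword -> effective value. Full-line comments and blank
    lines are skipped; 'Key value' and 'Key=value' forms are both accepted."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue  # keyword without a value: nothing to compare
        effective.setdefault(parts[0].lower(), parts[1].strip())  # first wins, as in sshd
    return effective

def compare(config, baseline):
    """One (keyword, expected, actual, compliant) tuple per baseline item. A keyword
    that is not set (actual None) is reported as non-compliant, never assumed to match."""
    findings = []
    for keyword, expected in baseline.items():
        actual = config.get(keyword.lower())
        findings.append((keyword, expected, actual,
                         actual is not None and actual.lower() == expected.lower()))
    return findings

if __name__ == "__main__":
    for keyword, expected, actual, ok in compare(parse_sshd_config(SAMPLE_SSHD_CONFIG), BASELINE):
        print(f"{'PASS' if ok else 'FAIL'} {keyword}: expected {expected}, found {actual or '<not set>'}")
```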


Methodology – red teaming:

  • Objective-based Penetration Test (OBPT) refers to simulated attacks using adversary tactics and techniques; the test focuses on finding ways to achieve the defined objectives.

  • This is a goal-oriented assessment with defined objectives based on MITRE ATT&CK.