Cybersecurity assessment (tests)
Security Assessment:
- Web Application Penetration Testing
- Mobile Application Penetration Testing
- Wi-Fi Penetration Testing
- Network Penetration Testing
- Red Teaming Exercise
- Source Code Review
- Hardening Review
- Vulnerability Assessment
- Information Risk Assessment
- Application Security Audit
- Information System Audit & Compliance
- Threat Modeling
- SAP Authorization Review & Segregation of Duties (SoD)
Methodology – Application VAPT (Vulnerability Assessment and Penetration Testing):
Information Gathering → Vulnerability Analysis → Exploitation → Post-Exploitation → Reporting
- Covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Top 10 2021
- Two phases:
  I. Phase 1: Review the automated scan results (analyze the findings and remove any false positives)
  II. Phase 2: Manually exploit the system further to discover vulnerabilities that were not found in Phase 1. This phase takes about 80% of the overall assessment effort.
Methodology – Network VAPT:
Discovery → Enumeration → Vulnerability Mapping → Exploitation → Analysis
- Identify security weaknesses and vulnerabilities so that unauthorized parties can be prevented from accessing, changing or exploiting the systems.
- Our methodology is designed to emulate real-world attacks by iterating deeper and wider from any initial entry point that is gained.
- Main tool used: Nessus Professional
- One main test, followed by two retests once the vulnerabilities are fixed
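The scan-review step (Phase 1 of the application VAPT above, and the Nessus-driven network VAPT here) is where most scanner noise is removed before manual exploitation starts. The script below is an added example, not the assessor's own tooling: it parses a constructed `.nessus` export (the plugin IDs and names are real Nessus plugins, but the hosts, ports and plugin output are made up), drops informational items, drops plugins the reviewer has verified as false positives (here plugin 51192, which fires whenever a certificate is signed by an internal CA the scanner does not trust), collapses duplicate hits of the same plugin on the same host/port, and produces a severity-ordered list plus a count per severity.

```python
"""Phase-1 triage of a Nessus export (.nessus, XML) for a VAPT review.

Added example, not the assessor's own tooling. A .nessus file nests
ReportItem elements under ReportHost elements; each ReportItem carries
the plugin ID/name, port, protocol and a severity from 0 (Info) to 4 (Critical).
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export: the plugin IDs/names are real Nessus plugins,
# but the hosts, ports and plugin output are made up for this example.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="sample-internal">
    <ReportHost name="10.0.0.5">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="90317" pluginName="SSH Weak Algorithms Supported">
        <plugin_output>The following weak server-to-client encryption algorithms are supported: aes128-cbc</plugin_output>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="90317" pluginName="SSH Weak Algorithms Supported">
        <plugin_output>same finding reported again by a second scan policy</plugin_output>
      </ReportItem>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="0" pluginID="10107" pluginName="HTTP Server Type and Version"/>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="2" pluginID="51192" pluginName="SSL Certificate Cannot Be Trusted">
        <plugin_output>The certificate chain is signed by an unrecognized certificate authority</plugin_output>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.6">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="97833" pluginName="MS17-010: Security Update for Microsoft Windows SMB Server"/>
      <ReportItem port="0" svc_name="general" protocol="icmp" severity="1" pluginID="10114" pluginName="ICMP Timestamp Request Remote Date Disclosure"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return one dict per ReportItem; severity is an int 0-4."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "severity": int(item.get("severity")),
                "output": (item.findtext("plugin_output") or "").strip(),
            })
    return findings


def triage(findings, false_positives=(), min_severity=1):
    """Phase-1 review: drop informational noise, drop plugins the reviewer has
    verified as false positives, and collapse duplicate hits of the same plugin
    on the same host/port/protocol. Returns findings sorted by severity (desc)."""
    seen = set()
    kept = []
    for f in findings:
        if f["severity"] < min_severity or f["plugin_id"] in false_positives:
            continue
        key = (f["host"], f["port"], f["protocol"], f["plugin_id"])
        if key in seen:
            continue
        seen.add(key)
        kept.append(f)
    return sorted(kept, key=lambda f: (-f["severity"], f["host"], f["port"]))


def summarize(findings):
    """Count kept findings per severity name, e.g. {'Critical': 1, 'Medium': 1}."""
    counts = defaultdict(int)
    for f in findings:
        counts[SEVERITY_NAMES[f["severity"]]] += 1
    return dict(counts)


if __name__ == "__main__":
    # 51192 is treated as a verified false positive for this (internal-CA) estate.
    kept = triage(parse_nessus(SAMPLE_NESSUS), false_positives={"51192"})
    for f in kept:
        print(f"{SEVERITY_NAMES[f['severity']]:8} {f['host']}:{f['port']}/{f['protocol']} "
              f"{f['plugin_id']} {f['plugin_name']}")
    print(summarize(kept))
```

The false-positive list is deliberately an input rather than something the script decides: whether a finding is a false positive is a reviewer judgement made per environment, and keeping the list explicit means the retests can be run against exactly the same exclusions.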
Methodology – Secure Code Review:
Planning & Preparation → Code Walkthrough → Vulnerability Identification → Manual Review → Report
- Our secure code review method covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Code Review Top 9.
- Open-source tools are used along with manual review for deeper coverage
- False positives are identified and removed
- One main test, followed by two retests once the vulnerabilities are fixed
Methodology – Host Configuration Review:
Assess Existing Configuration → Configuration Comparison → Reporting
- The security hardening review ascertains that the systems are hardened in line with approved benchmarks.
- Reviewed against CIS Benchmarks and/or an internal baseline
- Tools used: Nessus Professional
- One main test, followed by two retests once the vulnerabilities are fixed
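The "configuration comparison" step is, at its core, parsing the live configuration and checking each setting against a baseline control. The script below is an added example, not the assessor's own tooling: it reviews a constructed `sshd_config` against a small baseline whose controls are in the spirit of the CIS Linux benchmark SSH section (the exact thresholds are illustrative assumptions, not copied from any benchmark). It respects the sshd rule that the first occurrence of a keyword wins, so a later "PermitRootLogin no" does not mask an earlier "yes", and it reports settings that are absent from the file separately, since in that case the daemon default applies and the reviewer has to confirm it.

```python
"""Compare a host's sshd_config against a hardening baseline.

Added example, not the assessor's own tooling. Baseline controls follow the
spirit of CIS Linux benchmark SSH recommendations; thresholds are assumptions.
"""
import re

# Constructed sample configuration (not taken from a real host).
SAMPLE_SSHD_CONFIG = """
# sshd_config - constructed sample
Port 22
Protocol 2
PermitRootLogin yes
# later duplicate: sshd keeps the FIRST value, so root login is still allowed
PermitRootLogin no
#PermitEmptyPasswords no
MaxAuthTries 6
X11Forwarding no
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com
LogLevel INFO
"""

WEAK_CIPHER_MARKERS = ("cbc", "arcfour", "3des", "blowfish", "cast128")

# (keyword, human-readable expectation, predicate on the configured value)
BASELINE = [
    ("PermitRootLogin", "no", lambda v: v.lower() == "no"),
    ("PermitEmptyPasswords", "no", lambda v: v.lower() == "no"),
    ("MaxAuthTries", "4 or less", lambda v: v.isdigit() and int(v) <= 4),
    ("X11Forwarding", "no", lambda v: v.lower() == "no"),
    ("LogLevel", "INFO or VERBOSE", lambda v: v.upper() in ("INFO", "VERBOSE")),
    ("ClientAliveInterval", "1-300 seconds",
     lambda v: v.isdigit() and 1 <= int(v) <= 300),
    ("Ciphers", "no CBC/arcfour/3DES/blowfish/cast128 ciphers",
     lambda v: not any(w in c.lower() for c in v.split(",") for w in WEAK_CIPHER_MARKERS)),
]


def parse_sshd_config(text):
    """Parse 'Keyword value' (or 'Keyword=value') lines into a dict.

    Keywords are case-insensitive; comment lines are skipped; and, as sshd
    does, the FIRST occurrence of a keyword wins over later duplicates.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(\S+?)(?:\s*=\s*|\s+)(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        settings.setdefault(key, value)
    return settings


def compare(settings, baseline=BASELINE):
    """Return one (keyword, expected, actual, status) tuple per control.

    status is PASS, FAIL, or NOT SET (keyword absent: the daemon default
    applies and the reviewer must confirm it rather than assume compliance).
    """
    results = []
    for keyword, expected, ok in baseline:
        actual = settings.get(keyword.lower())
        if actual is None:
            status = "NOT SET"
        elif ok(actual):
            status = "PASS"
        else:
            status = "FAIL"
        results.append((keyword, expected, actual, status))
    return results


def deviations(results):
    """Everything that needs a finding or a reviewer decision."""
    return [r for r in results if r[3] != "PASS"]


if __name__ == "__main__":
    results = compare(parse_sshd_config(SAMPLE_SSHD_CONFIG))
    for keyword, expected, actual, status in results:
        print(f"{status:8} {keyword:22} expected: {expected:45} actual: {actual}")
    print(f"{len(deviations(results))} of {len(results)} controls need attention")
```

The parser does not understand `Match` blocks, inside which a keyword only applies to matching users or hosts; for a real review, feed it the output of `sshd -T` (the daemon's dump of its effective configuration, with defaults resolved) rather than the raw file, and review `Match` sections by hand.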
Methodology – Red Teaming:
- An Objective-Based Penetration Test (OBPT) simulates real adversary tactics and techniques; the test focuses on exploiting whatever paths lead to the defined objectives.
- This is a goal-oriented assessment with defined objectives mapped to MITRE ATT&CK.