Penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious user, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. We do black box blind testing, limited knowledge white box testing. .....Read more(Penetration Testing detailed description – new page or pdf download?)
Vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
· Cataloging assets and capabilities (resources) in a system.
· Assigning quantifiable value (or at least rank order) and importance to those resources
· Identifying the vulnerabilities or potential threats to each resource
· Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
Log Analysis is one of the great overlooked aspects of operational computer security. Many organizations spend hundreds of thousands of dollars on intrusion detection systems (IDS) deployments - but still ignore their firewall logs. Why? Because the tools and knowledge to make use of that data are often not there, or the tools that exist are too inconvenient. You should expect that to change. Right now, IDS vendors are up against the wall with the volumes of data they produce; the next wave in security is to try to usefully correlate and process the contents of multiple logs.
Application Security Reviews: The path to application security begins by rigorously testing source code for any and all vulnerabilities, to ensure the application will not compromise, or allow others to compromise, data privacy and integrity. We do the steps to secure source code, development practices, and present a source code security review checklist. We do both white box review and black box review. We check for if appropriate frame work are used (features of the programming language). We also check for specific vulnerabilities like sql injection, cross scripting, buffer overflows, string formats, and input validations.
Third party security assessments: What do you do if you are a customer in US and you want to check if your client has applied specific configuration & firewall you wanted him implement. You give us the list of conformance you want your client to follow. We will do security assessment for you. Our company has done some security assessment for some of the biggest companies in US. We can check physical log records, firewall logs, perform vulnerability analysis to check if all patches, rules are as per your requirements. We can point out Non conformance (NC) and also suggest work arounds for fixing the same.
Part time Chief Security Officer: It is not very easy to hire a Chief security Officer for your company. Small and Medium Enterprise have lot of problem in hiring due to budgetary constraints. Lot of security incidents happen from insiders and outsiders.
What we offer:
· Monthly visit to your premises and vulnerability assessment and report on how to fix the vulnerability.
· Penetration testing to test the security of your organisation from outside.
· Compliance with IT-ACT and law of land.
· Ensuring sufficient technologies and process exist to do forensic in case of incident.(Incident response in place). This includes Policies & procedures to be written.
· If your organisation is already part of other standards like ISO 27001, these will be implemented without disturbing existing process in place.
· Emergency assistance on email available throughout month.
Application Security Architecture & Design: We help you do the following Security Frame, Security Design Guidelines, Threat Modeling, Security Architecture and Design Review, Security Code Review, Security Deployment Review, Security Guidelines. We use the features for enhancing security which are available in the programming language. Some of these features have bugs, let our experts tell you what to use and what not to use.
Network Design & Architecture: Want us to design you network for security from scratch or you got a network already in place. Both ways our experts can come to your network design them or rearrange them to ensure your security concerns known and unknown are taken care of.
Countering Cyber Espionage: For last two decades corporate had to protect against opponents using espionage on them to steal confidential information, using variety of means like paying up, making friends to get garbage of their competitors and reconstructing information, getting hold of order copies, invoices, database using all possible means.
Now the corporate espionage has taken a new dimension with usuage of computers. the competitors agents no more break into offices at mid of night.The entire espionage has become centered around the computer system of competitors. There are insider attack on local network and external corporate espionage from cyber space.
Competitor hire a private intelligence organisation or black hat hackers(who hacks illegally for money) directly and tell them what information of competitor they want. The black hat hacker goes about idenitfying the assets of the company(reading more about company, looking at website, writing mails to competitor organisation and finding out who may have the required information. If he knows exactly who owns the information(from his employer) he directly goes behind the information holder.
Once the target is identified, it is kind of easy for black hat hacker. The fundamental of most of these attacks follow the same modus operandi, target stores most confidential information on their machine or laptop and never on central location in corporate. He sends a email to the the target like his friend(and tries to deploy a trojan- data stealing program) once he deploys a trojan he can get access to the files on target laptop. This technique is called social engineering.
The next technique could be target is talking to black hat hacker over a chat, he sends weblink to the target, the target clicks on the link to read up an interesting story, the trojan - data stealing program gets download to target computer. The target is compromised and the black hat hacker can download any information from target computer.
The third technique is attack can arrive through a pdf file, doc file, xls file. The trojan - data stealing program is embedded into ms office files or pdf file. If the target machine is not patched for MS office and PDF vulnerability(most computers are patched with latest updates for antivirus, Operating system only). The trojan could get downloaded from the pdf or doc file and get installed on the target machine.
Testing:
· We offer testing of antivirus/security software (including desktop security products) for certification bodies, IT magazines.
· We offer testing of security software features like effectiveness of antivirus/security software from a user perception.
· We offer unique testing option for a vendor to test their product against geographical locations samples. Eg: a product vendor can test his product against malware threats from china, japan, korea.
· Testing of product features like heuristics, sandbox, code emulation - How effective they are?
· We do non commercial testing for non governmental bodies/non profit origination, if they approach us for public interest. We undertake testing on their behalf.
Training:
· We are constantly innovating new things on cyber security. We do customized training for our clients. We have conducted training programs for various law enforcement agencies, Airforce force college, audit control association (ISACA) and other national level associations.
· Some of topics include Cyber security, Safety, penetration testing, vulnerability assessment, Worm - Mitigation strategies, Antivirus Technologies.
Home 
Services
Services
