Penetration Testing //Vulnerability Assessment //Remedy

Transcription

1 A Division Penetration Testing //Vulnerability Assessment //Remedy

2 In Penetration Testing, part of a security assessment practice attempts to simulate the techniques adopted by an attacker in compromising the target systems. Our penetration testing methodology is up to the mark with International Standards, combined with our extensive experience. You may not always know you have a problem We tell you!

3

4 Secure & optimize Analyze Scope Analyze Client needs Measure results Evalute Implementation Research Security Strategy

5 Whether we like it or not, hackers will get in and they do get in, every day. The challenge is, yes, to minimize the Risk. But as we get more sophisticated, how do we operate in an environment if we know they re in our systems? Heather Crofford, CFO of Northrop Grumman Approx Costs associated with the Targetted data breach that occurred in 2013 reached $148 million by the second quarter of A 15-year-old once hacked NASA and caused a 21-day shutdown of their computers. (2013) Sony got Hacked badly, assumably approx. around 100Terabytes of data was compromised & stolen. (2014)

6 You spend good budget on IT What if it all got compromised? Are you sure your investment is safe? Firewalls & Antiviruses alone can t stop hackers

7 Intelligently manage vulnerabilities Avoid the cost of downtimes Avoid loss of data Avoid leak of Confidential data Meet regulatory requirements and avoid fines Preserve corporate image and customer loyalty

8 continued.. Avoid costs for remediation Avoid Millions of dollars worth loss of the hard-earned money Why not identify and address the risks now while you can?

9 Weaknesses New vulnerabilities everyday, don t stop just your business, they compromise your image too. PenTests should be performed on a regular basis This reveals newly discovered threats or emerging vulnerabilities that may potentially be attacked Additionally to regular analysis and assessment, PenTest whenever: New network infrastructure or applications are added Significant upgrades or modifications are applied to infrastructure or applications New office or branc locations are established Security patches are applied End user policies are modified etc

10 Quality Infrastructures across the Region. We specialize in a wide spectrum of penetration testing capabilities. Info gathering Foot-printing Vulnerability assessment Exploitation Reporting Our penetration testing comprehends All OS (Win, Linux, OSX) Web applications Client-server applications Infrastructure ERP systems Mobile applications wireless, social engineering, etc

11 Web Application Penetration Testing Network Penetration Testing Network Security Consulting Wireless Penetration Testing Risk-based Penetration Testing

12 Assess the security of the application by focusing on Remotely exploitable vulnerabilities Application architecture Design & Implementation We assess the controls with Privilege levels Development and delivery Overall design of the applications This helps to give the total threat profile of your web application environment

13 This type of a penetration test involves identifying the targets through Google searches WHOIS DNS queries etc Fingerprinting and identifying vulnerabilities Limited exploitation is always done in terms of password guessing, directory traversals, file uploads, etc Before going for stronger exploitation methods such as Denial of Service attacks, Buffer Overflow exploits, an so on, we take prior written consent so as to not to cause possible consequences from the such exploitation methods

14 We audit, design and implement solutions in the areas of IP networking, firewalls, network monitoring, high availability, vulnerability management, security policy development, encryption, intrusion detection and prevention, content filtering, authentication, anti-virus, anti-spam etc. We reduce Security threats and implement strategies for defending resources from external and internal threats. Security is more than just implementing a solution, it s a process. You need to understand what you re trying to protect, from whom you are protecting it, how you will protect it and know when you have been successful. Security is just a concept, until it is tested successfully.

15 We offer the Auditing and Consultancy services to assist in understanding the security posture of your WLAN and to configure it to the maximum security level possible We enumerate the Wireless Network then Crack its encryption We will proceed to crack the algorithm used to secure the network We then fully penetrate the appliance and gain access over the entire Wireless network Benefits of Wireless Auditing Help understand the security vulnerabilities in current WLAN setup Help to fix those issues Help to get more control over wireless network Help in increasing productivity

16 The days and age of tool-based scanning are long gone Our real expertise comes into play leveraging the test cases combined with our strong understanding of business processe across various industries The need of today is for the hard-core and manual pentesting and to understand the risks associated with the app This approach, then might also include social engineering attacks, threat modelling, and other elements that might not be typical of a traditional penetration testing exercise.

17

18

19 Latitude & Longitude , Degree Decimal N E Degree, min, sec N E