IT Security Assessment
Our IT Security Assessment service, commonly known as a penetration test, is the service most favoured by most of our clients. A penetration test is a proactive process performed by independent expert security auditors to identify vulnerability gaps in an organisation's security posture, using a combination of automated and manual methods of exploiting vulnerabilities within your IT infrastructure, web applications and human aspect. With a penetration test, an organisation will recognise the weakest points in its security architecture, so that the necessary countermeasures and fixes can be put in place to minimise security risk in its IT infrastructure and web applications.
Once our security auditors have identified a vulnerability point, the necessary steps, or what we call "a proof of concept", will be executed to determine whether the vulnerability is a false positive or a true positive. If it is a true positive, we will report it to our client and recommend the necessary steps to close it. At the end, our deliverable for this service is a set of reports containing our findings and recommendations on how to close those findings. There are 3 types of IT security assessment, categorised as follows:
•  Network infrastructure security assessment
With a network infrastructure penetration test, we can help to identify common and uncommon vulnerabilities within your network environment. We use a combination of known standards in the field of penetration testing, such as ISSAF, PCI-DSS, OSSTMM, etc., to execute this task. The most common subjects of a penetration test in this scope are: OS servers, wireless networks, network devices, network security devices, LAN and communication devices.
•  Web Based Application security assessment
Web application security assessment is a way to identify common and uncommon vulnerabilities within an organisation's web-based application. We will emulate common and uncommon attacks on a web-based application in order to test its security controls and its supporting infrastructure (web application firewall, etc.) and see whether or not it is vulnerable to a common attack technique. Once we find a vulnerability, we will execute exploits in order to perform a "proof of concept". Our web-based application security assessment follows standards from OWASP, PCI-DSS, etc.
•  Source Code Review
Source Code Review is a service where we dig deep within your web-based application in order to find security gaps in the application's code. Sometimes it is impossible to find uncommon vulnerabilities just by performing a regular penetration test. Using a combination of computer-generated source code analysis and manual code review, our security auditors reveal vulnerabilities that may not be easy to exploit using black-box testing, such as back-doors or logic bombs, as well as systemic issues such as insecure logging practices, gaps in authorisation logic, etc.