Security Testing Services
Penetration testing. Vulnerability assessment. Security code review. Infrastructure security audit. Compliance testing.

www.scnsoft.com © 2021 ScienceSoft ®

Key Facts
ScienceSoft is an IBM Silver Business Partner that has been working in the Security Intelligence area since 2003.
- 18 years in information security
- 700 employees
- 150+ projects in security consulting

Our Customers in Security

Security Testing Services We Provide
- Penetration testing to check the protection of the entire IT infrastructure or applications by finding and exploiting security vulnerabilities
- Vulnerability assessment to detect and prioritize security weaknesses in the IT infrastructure and provide recommendations on their mitigation
- Infrastructure security audit to find vulnerabilities in security policies and procedures, security monitoring tools, physical access control, etc.
- Compliance testing to ensure the compliance with PCI DSS, HIPAA, and other regulatory standards
- Security code review to identify encryption, buffer overflow, XSS vulnerabilities, and other security weaknesses possibly overlooked in the development phase

Penetration Testing
Penetration testing aims to identify security vulnerabilities and determine whether they are genuine and what damage they may inflict. For that, we exploit vulnerabilities to simulate an attack on the system.
We carry out OWASP TOP 10-based penetration testing of:
- Web applications
- Mobile apps
- Remote access
- Network services
- IoT devices
- Client side
- Employee behavior (Social engineering testing)

Types of Penetration Testing We Provide
1. Black box model: We work in life-like conditions having strictly limited knowledge of your network and no information on the security policies, network structure, software and network protection used.
2. Gray box model: We examine your system having some information on your network, such as user login details, architecture diagrams or the network’s overview.
3. White box model: We identify potential points of weakness by using admin rights and access to server configuration files, database encryption principles, source code or architecture documentation.

Vulnerability Assessment
Vulnerability assessment intends to identify, quantify and rank vulnerabilities, as well as provide customers with recommendations to help eliminate security risks.
We perform automated and manual evaluation to detect security weaknesses in:
- IT infrastructure: Network, Email services
- Applications: Web apps, Mobile apps, Desktop apps

Infrastructure Security Audit
We check the infrastructure to identify vulnerabilities in the following areas:
- Security policies and procedures
- Security monitoring tools
- Physical access control
- Configuration management
- Version control

Compliance Testing
We perform automated scanning and manual analysis to:
- Ensure a customer’s compliance with PCI DSS, HIPAA and other regulatory standards
- Further provide a customer with an attestation letter on the basis of testing results

Security Code Review
We examine an application source code to find errors overlooked in the development phase, e.g.:
- Encryption errors
- SQL injection vulnerabilities
- Buffer overflows
- XSS vulnerabilities

Elimination of Detected Vulnerabilities
We have the necessary skills to eliminate vulnerabilities and errors using our own resources, i.e. by engaging:
- Developers
- DevOps engineers
- Cybersecurity team

Cooperation Models
One-time services. Managed services.
- Gathering all the details about the object of assessment
- Impartial security assessment
- Conducting security assessment on a regular basis
- Spending less time and money to implement projects
- Security evaluation without incurring vendor lock-in
- Constant awareness of security vulnerabilities

Success Story: Vulnerability Assessment for a US Reporting Services Provider
Customer: A US mobile credit monitoring and reporting services provider
Solution: ScienceSoft assessed the security level of the Customer’s network, revealed critical security issues and prepared the Customer for passing PCI DSS validation
Tools & Methodologies: Nessus, OpenVAS, Nmap, ARP-scan

Success Story: Penetration Testing for a Fintech Company
Customer: A UK financial technology company providing a supply chain finance portal
Solution: ScienceSoft conducted black box penetration testing of the Customer’s supply chain management portal and complementing mobile apps, and defined corrective measures to mitigate identified vulnerabilities
Tools & Methodologies: Metasploit, Nmap, SQLMap, Nikto, DIRB, BurpSuite, Nessus, Zmap

Success Story: Code Review and Penetration Testing of a Cloud App
Customer: An award-winning European IT company
Solution: ScienceSoft performed automated and manual source code reviews and penetration testing of a cloud-based application for tax return, allowing to reveal and mitigate vulnerabilities critical to the security of sensitive data
Tools & Methodologies: Metasploit, Wireshark, OpenVAS, Nessus, BurpSuite, w3af

Success Story: API Penetration Testing for a Bank
Customer: A European bank with $400+ million in assets
Solution: ScienceSoft carried out manual and automated penetration testing using both black box and white box models and provided a detailed report on how to improve the current API security and to ensure the safety of sensitive data
Tools & Methodologies: Nessus, IBM AppScan, IBM Application Security on Cloud, Acunetix, BurpSuite Pro, Sqlmap

Let’s Keep in Touch!
- The United States (Headquarters): +1 214 306 68 37
- Europe (Latvia): +371 2569 2767
- The Nordics (Finland): +358 92 316 30 70
- Gulf Cooperation Council (The UAE): +971 585 73 84 33