Security Testing Services
Penetration testing. Vulnerability assessment. Security code review. Infrastructure security audit. Compliance testing
www.scnsoft.com © 2021 ScienceSoft ®
Key Facts
ScienceSoft is an IBM Silver Business Partner that has been working in the Security Intelligence area since 2003.
18 years in information security
700 employees
150+ projects in security consulting
Security Testing Services We Provide
Penetration testing to check the protection of the entire IT infrastructure or applications by finding and exploiting security vulnerabilities
Vulnerability assessment to detect and prioritize security weaknesses in the IT infrastructure and provide recommendations on their mitigation
Infrastructure security audit to find vulnerabilities in security policies and procedures, security monitoring tools, physical access control, etc.
Compliance testing to ensure compliance with PCI DSS, HIPAA, and other regulatory standards
Security code review to identify encryption, buffer overflow, XSS vulnerabilities, and other security weaknesses possibly overlooked in the development phase
Penetration Testing
Penetration testing aims to identify security vulnerabilities and determine whether they are genuine and what damage they may inflict. For that, we exploit vulnerabilities to simulate an attack on the system. We carry out OWASP TOP 10-based penetration testing of:
Web applications
Mobile apps
Remote access
Network services
IoT devices
Client side
Employee behavior (social engineering testing)
Types of Penetration Testing We Provide
1. Black box model
We work in life-like conditions having strictly limited knowledge of your network and no information on the security policies, network structure, software and network protection used.
2. Gray box model
We examine your system having some information on your network, such as user login details, architecture diagrams or the network’s overview.
3. White box model
We identify potential points of weakness by using admin rights and access to server configuration files, database encryption principles, source code or architecture documentation.
Vulnerability Assessment
Vulnerability assessment intends to identify, quantify and rank vulnerabilities, as well as provide customers with recommendations to help eliminate security risks. We perform automated and manual evaluation to detect security weaknesses in:
IT infrastructure: network, email services
Applications: web apps, mobile apps, desktop apps
Infrastructure Security Audit
We check the infrastructure to identify vulnerabilities in the following areas:
Security policies and procedures
Security monitoring tools
Physical access control
Configuration management
Version control
Compliance Testing
We perform automated scanning and manual analysis to:
Ensure a customer’s compliance with PCI DSS, HIPAA and other regulatory standards
Further provide a customer with an attestation letter on the basis of testing results
Security Code Review
We examine an application's source code to find errors overlooked in the development phase, e.g.:
Encryption errors
SQL injection vulnerabilities
Buffer overflows
XSS vulnerabilities
Elimination of Detected Vulnerabilities
We have the necessary skills to eliminate vulnerabilities and errors using our own resources, i.e. by engaging:
Developers
DevOps engineers
Cybersecurity team
Cooperation Models
One-time services
Gathering all the details about the object of assessment
Impartial security assessment
Security evaluation without vendor lock-in
Managed services
Conducting security assessment on a regular basis
Spending less time and money to implement projects
Constant awareness of occurring security vulnerabilities
Success Story
Vulnerability Assessment for a US Reporting Services Provider
Customer
A US mobile credit monitoring and reporting services provider
Solution
ScienceSoft assessed the security level of the Customer’s network, revealed critical security issues and prepared the Customer for passing PCI DSS validation
Tools & Methodologies
Nessus, OpenVAS, Nmap, ARP-scan
Success Story
Penetration Testing for a Fintech Company
Customer
A UK financial technology company providing a supply chain finance portal
Solution
ScienceSoft conducted black box penetration testing of the Customer’s supply chain management portal and complementing mobile apps, and defined corrective measures to mitigate identified vulnerabilities
Tools & Methodologies
Metasploit, Nmap, SQLMap, Nikto, DIRB, BurpSuite, Nessus, Zmap
Success Story
Code Review and Penetration Testing of a Cloud App
Customer
An award-winning European IT company
Solution
ScienceSoft performed automated and manual source code reviews and penetration testing of a cloud-based application for tax return, allowing to reveal and mitigate vulnerabilities critical to the security of sensitive data
Tools & Methodologies
Metasploit, Wireshark, OpenVAS, Nessus, BurpSuite, w3af
Success Story
API Penetration Testing for a Bank
Customer
A European bank with $400+ million in assets
Solution
ScienceSoft carried out manual and automated penetration testing using both black box and white box models and provided a detailed report on how to improve the current API security and to ensure the safety of sensitive data
Tools & Methodologies
Nessus, IBM AppScan, IBM Application Security on Cloud, Acunetix, BurpSuite Pro, Sqlmap
Let’s Keep in Touch!
The United States (Headquarters): +1 214 306 68 37
Europe (Latvia): +371 2569 2767
The Nordics (Finland): +358 92 316 30 70
Gulf Cooperation Council (The UAE): +971 585 73 84 33