Security Testing Services

Penetration testing. Vulnerability assessment. Security code review. Infrastructure security audit. Compliance testing

ScienceSoft is an IBM Silver Business Partner that has been working in the Security Intelligence area since 2003.

18 years in 700 150+ projects information security employees in security consulting

 Penetration testing to check the protection of the entire IT infrastructure or applications by finding and exploiting security vulnerabilities

 Vulnerability assessment to detect and prioritize security weaknesses in the IT infrastructure and provide recommendations on their mitigation  Infrastructure security audit to find vulnerabilities in security policies and procedures, security monitoring tools, physical access control, etc.

 Compliance testing to ensure the compliance with PCI DSS, HIPAA, and other regulatory standards

 Security code review to identify encryption, buffer overflow, XSS vulnerabilities, and other security weaknesses possibly overlooked in the development phase

Penetration testing aims to identify security vulnerabilities and determine whether they are genuine and what damage they may inflict. For that, we exploit vulnerabilities to simulate an attack on the system. We carry out OWASP TOP 10-based penetration testing of:

Web applications Mobile apps

Remote access Network services

IoT devices Client side

Employee behavior (Social engineering testing)

1 2 3

Black box model Gray box model White box model

We work in life-like We examine your We identify potential points conditions having strictly system having some of weakness by using limited knowledge of your information on your admin rights and access to network and no network, such as user server configuration files, information on the security login details, database encryption policies, network structure, architecture diagrams principles, source code or software and network or the network’s architecture protection used overview documentation

Vulnerability assessment intends to identify, quantify and rank vulnerabilities, as well as provide customers with recommendations to help eliminate security risks. We perform automated and manual evaluation to detect security weaknesses in:

IT infrastructure Applications

Network Web apps

Email services Mobile apps

Desktop apps

We check the infrastructure to identify vulnerabilities in the following areas:

Security Security Physical Configuration Version policies and monitoring access management control procedures tools control

We perform automated scanning and manual analysis to:

Ensure a customer’s Further provide a compliance with PCI DSS, customer with an HIPAA and other attestation letter on the regulatory standards basis of testing results

We examine an application source code to find errors overlooked in the development phase, e.g.:

Encryption SQL injection errors vulnerabilities

Buffer XSS overflows vulnerabilities

We have the necessary skills to eliminate vulnerabilities and errors using our own resources, i.e. by engaging:

Developers DevOps engineers Cybersecurity team

One-time services Managed services

Gathering all the Impartial Conducting security Spending less time details about the security assessment on a and money to object of assessment assessment regular basis implement projects

Security evaluation without Constant awareness of occurring vendor lock-in security vulnerabilities

Vulnerability Assessment for a US Reporting Services Provider

Customer Solution

A US mobile ScienceSoft assessed the credit security level of the monitoring Customer’s network, and reporting revealed critical security services issues and prepared the provider Customer for passing PCI DSS validation

ToolsTools & &Methodologies Technologies

Nessus, OpenVAS, Nmap, ARP-scan

Penetration Testing for a Fintech Company

Customer Solution

A UK financial ScienceSoft conducted technology black box penetration company testing of the Customer’s providing a supply chain management supply chain portal and complementing finance portal mobile apps, and defined corrective measures to mitigate identified vulnerabilities Tools & Methodologies

Metasploit, Nmap, SQLMap, Nikto, DIRB, BurpSuite, Nessus, Zmap

Code Review and Penetration Testing of a Cloud App

Customer Solution

An award- ScienceSoft performed winning automated and manual European IT source code reviews and company penetration testing of a cloud-based application for tax return, allowing to reveal and mitigate vulnerabilities critical to the security of sensitive data ToolsTools & &Methodologies Technologies

Metasploit, Wireshark, OpenVAS, Nessus, BurpSuite, w3af

API Penetration Testing for a Bank

Customer Solution

A European ScienceSoft carried out bank with manual and automated $400+ million penetration testing using in assets both black box and white box models and provided a detailed report on how to improve the current API security and to ensure the safety of sensitive data Tools & Methodologies

Nessus, IBM AppScan, IBM Application Security on Cloud, Acunetix, BurpSuite Pro, Sqlmap

The United Europe The Nordics Gulf Cooperation States Council

Headquarters Latvia Finland The UAE +1 214 306 68 37 +371 2569 2767 +358 92 316 30 70 +971 585 73 84 33 [email protected] [email protected] [email protected] [email protected]