Offering Innovative software application solutions to Government and Commercial Sectors
Our comprehensive cyber security services not only help businesses to assess, build and manage their cyber security capabilities, but also enable them to respond to incidents and crisis.
Vulnerability Assessment and Penetration Testing – Need
- Organizations are becoming increasingly dependent on technology and the Internet
- The loss of technology or the Internet would bring operations to a halt
- The need for security increases as our dependence on technology increases
- Management wants to have assurance that technology has the attention it deserves
- Does our current security posture address what we are trying to protect?
- Do we know what we need to protect? Where can we improve?
- Where do we start?
- Are we compliant with laws, rules, contracts and organizational policies? What are your risks?
Our Expertise in Cyber Security
- Vulnerability Assessment
- Penetration Test
- Application Assessment
- Code Review
- Configuration Audit
- Wireless Assessment
How we do it? – Scope
- What will be the scope of the assessment?
- Network (Pen-Test, Vulnerability Scan, wireless)
- Application (Code or Vulnerability scan)
- Process (business or automated)
- How critical is the system you are assessing?
- High, medium – use independent assessor
- Low – self assessment
How we do it? – Checklists and Standards
We assess, prescribe fixes and certify against all Industry leading standards such as:
- Penetration Testing Execution Standard (PTES): http://www.pentest-standard.org/index.php/FAQ
- Open Web Application Security Project (OWASP): https://www.owasp.org/index.php/Main_Page
- National Institute of Standards and Technology (NIST) Special Publications: http://csrc.nist.gov/publications/PubsSPs.html
- SysAdmin, Audit, Network and Security (SANS) Top 25: https://www.sans.org/about/
How we do it? – Testing Types
- Black Box Testing
- Assessor starts with no knowledge
- White Box Testing
- Assessor starts with knowledge of the system, i.e. the code
- Grey Box Testing
- Assessor has some knowledge, not completely blind
- Code Review
- Vulnerability scanning
- Configuration review
- Verification testing
- Information leakage
- Input/output Manipulation
How we do it? – Tools
- Proprietary Tools developed by us
- Industry standard toolsets like BurpSuite, Acunetix, ZAPP, Nmap, IBM Appscan, and much more
PS: We integrate all the toolsets into our proprietary Platform integrator which gives a holistic picture of all Vulnerability scans and potential holes in the Application and Configuration
How we do it? – Review Techniques
- Documentation Review
- Log Review
- Ruleset Review
- System Configuration Review
- Network Sniffing
- File Integrity Checking
How we do it? – Analysis Techniques
- Network Discovery
- Network Port and Service Identification
- OS fingerprinting
- Vulnerability Scanning
- Wireless Scanning
- Passive Wireless Scanning
- Active Wireless Scanning
- Wireless Device Location Tracking (Site Survey)
- Bluetooth Scanning
- Infrared Scanning
- Password Cracking
- Transmission / Storage
- Penetration Testing
- Automated / Manual
- Social Engineering
Let's Get Started!
We’d love the opportunity to show you how Tri-Force team would help with your cyber security needs using our solution for network security monitoring, mobile, and web application security testing.