Services 2017-03-25T21:45:57+00:00

SECURITY ARCHITECTURE ASSESSMENTS

Your organisation needs to embed security in its systems and programmes in order to reduce vulnerabilities at an early stage. 

It’s important that your security stance is understood and justifiable against actual business requirements, minimising gaps and vulnerabilities and preventing overspend on unnecessary controls. Our security architecture and design service allows us to understand your project, its business objectives and goals, and build the architecture you need to protect your business against cyber-attacks using the Sherwood Applied Business Security Architecture (SABSA) methodology. 

This approach starts with the business requirements, developing a comprehensive solution that supports your organisation in a transparent, risk-management-based way. Depending on your project size, together we define the solution that suits you:

Enterprise Security Architecture (ESA)
Designed architecture services with a report detailing how security supports the business.

Solution Security Architecture (SSA)
A service for smaller projects supporting your technical/solution architects in the design of services to ensure that the security requirements are met.

WEB APPLICATION PENETRATION TESTING

Web Application Penetration Testing evaluates the vulnerabilities of web applications by analyzing the unshielded defenses within them. Web applications are widely used in all enterprises today, and in most organizations they prove to be the most fragile assets when it comes to security. As the most publicly accessible systems and the preferred touch point for most stakeholders, web applications face the greatest risk of being breached and of leading malicious attackers into the system. It is therefore important to integrate a suitable and foolproof web application penetration testing technique into the workflows of the system.

Services for Web Application Penetration Testing include:

  • Inaccuracies Identification in the resources
    • Applications
    • Servers
    • Data Sources
  • Violations Management strategies
    • Simulations
    • Analyze Outcomes
    • Counter attack plans
  • Analyzing and Circumventing OWASP threats related to web applications
    • Injection
    • Broken Authentication and Session Management
    • Cross-Site Scripting
    • Insecure Direct Object References
    • Security Misconfiguration
    • Sensitive Data Exposure
    • Missing Function Level Access Control
    • Cross-Site Request Forgery
    • Using Components with Known Vulnerabilities
    • Unvalidated Redirects and Forwards
  • Provide Preventive Actions Guidelines

SECURE SOURCE CODE AUDITING

Secure Source Code Auditing is an all-inclusive analysis and structured review of the source code in order to identify security vulnerabilities, errors or violations of safety rules. It ensures that the code contains efficient and appropriate security controls and that the software systems being developed are self-defending against the expected and the unexpected. We offer specialized secure source code audit services for web applications and related systems.

Services for Secure Source Code Auditing include:

  • Source Code Assessment
    • Existing Code
    • New Code
  • Execution Errors Assessment
  • Vulnerability Identification
    • During Input Capture & Generation of Outputs
  • System Access Audits
    • Authentications
    • Verifications
  • Communications Safety Checks
  • Security Libraries Verification
    • Cryptographic Routines
    • Third Party
  • Audit Reports & Trails

CLOUD APPLICATION PENETRATION TESTING

Cloud is the preferred solution for data storage, infrastructure and services on demand today. Most enterprises migrate to the Cloud following one of several alternative models (Public, Private or Hybrid) and a service model of choice (SaaS, IaaS or PaaS).

A meticulous Cloud Pen Test combines internal and external Pen Tests. An internal Pen Test accesses the servers and hosts in the Cloud, initiating a vulnerability test with authenticated credentials. Once inside the perimeter, the Pen Tests simulate what a hacker could do. Security in the Cloud requires a well-thought-out strategy with continuous vigilance and surveillance.

Services for Cloud Application Penetration Testing include:

  • Combination of penetration tests for testing in the Cloud
    • SaaS Pen test
    • IaaS and PaaS Pen test
    • Internal Pen test
    • External Pen test
  • Multi Cloud Security Solutions
  • Specialized solutions for Cloud based deployments
    • Data Protection
    • User Access Management
    • Cloud Visibility and Discrepancy Detections
  • Niche Hybrid Cloud security testing encompassing
    • On-Premise Solutions
    • Cloud based Solutions

MOBILE APPLICATION PENETRATION TESTING

Mobile devices invade the corporate world and also the lives of individuals. Enterprise Mobility and Mobile technologies take centre stage in all the operations of enterprises. Concepts like BYOD give momentum to this shift, bringing in an array of different threats to the system, accessible through a variety of devices and networks.

Services for Mobile Application Penetration Testing include:

  • Testing for popular Platforms and Devices
    • Android Applications
    • iOS Applications
    • Windows Phone Mobile Applications
  • Identifying mobile devices breaches into the system
  • Security awareness amongst the users
  • Social Engineering Security
  • Penetration testing through real world tactics
    • Phishing
    • Web form impersonation
    • Fake wireless access points
  • Audits and Reports as guidelines

NETWORK PENETRATION TESTING

Network architecture becomes more complex with every passing day. Internal and external networks fuse seamlessly to suit modern ways of working. As the information technology landscape adds diverse Mobile Devices, Cloud based infrastructure, applications & services, Social Media and other contemporary concepts, threats loom large.

Services for Network Penetration Testing include:

  • External Penetration Test
    • Conducted from the internet as an external network
    • Exposes the vulnerabilities as seen from the internet through the firewall
    • Identification of types of resources exposed to the outer world
  • Internal Penetration Test
    • To check the risks from within the internal network like LAN
    • Assesses threats coming from workforce or processes within the Enterprise
    • Attempts breaches on internal networks through legitimate user credentials and the privilege levels
    • Relies on Social Engineering Testing

VULNERABILITY ASSESSMENT

Vulnerability Assessment is a detailed evaluation of the information security framework to identify the loopholes and suggest appropriate mitigation processes. It is a process to mark and measure the vulnerabilities in the applications, systems and infrastructure and to advise on methods to counter and eliminate them. It also ranks the severity of the vulnerabilities and prioritizes the resolutions according to the importance of the resource.

Services for Vulnerability Assessment include:

  • Conduct Assessment
    • Information Gathering of the system & Vulnerability Assessment Plan
      • Network Mapping & Resource Authentications
      • Rogue Device Assessment
      • User Account Analysis
      • Permissions & Passwords evaluation
      • Web services & Applications Safety estimation
      • Third party services & applications
    • Scan Vulnerabilities
      • Review Findings from the Assessment
      • Define Issues Management Processes
    • Prioritizing
    • Mitigation & Countermeasures