IT Security Consulting
Web Application Security
The application security audit is a simulated, realistic hacker attack on an application and its back-end systems. Web applications, mobile apps, appliances as well as classic client/server applications may be examined as executable programs or as source code. In this era of the Internet and everything being online, most businesses today depend on web applications to deliver their message, conduct business, interact with customers, buy and sell products, and keep their audience up to date with the happenings in their organizations, industry and the world at large. Web applications are very complex, since multiple tools and technologies are used to build them. Because of the highly complex and competitive nature of today's world, one of the ways businesses address the constant change in their industry environment is by frequently updating and upgrading their web applications to stay ahead of the competition. In contrast to the security scan and the penetration test, privileged tests are also executed, and thus an application security audit is an attack from an insider's perspective.
Network Penetration Testing
Network Penetration Testing is a fundamental part of any IT security standard. With security dynamics within your organization ever changing, new threats materializing, risk exposure increasing, and new applications provisioned with inherent security concerns, auditing becomes an integral process to ensure risks are contained and controlled.
Cydcon utilizes components from several different testing frameworks, including OWASP, OSSTMM and SANS.
Mobile App Security
Cydcon's Mobile App Security Testing service provides a detailed security analysis of your phone- or tablet-based app. A key feature of this service is manual testing by experienced security professionals, which typically uncovers many more issues than automated tests alone. Our service is designed to rigorously push the defenses of not only the app itself, but also the servers it interacts with. It is suitable for commissioning, third-party assurance, post-attack analysis, audit and regulatory purposes where independence and quality of service are important requirements.
Secure Configuration Audit
Cydcon's Secure Configuration Audit checks every facet of your network for the vulnerabilities hackers exploit to gain access. This includes operating systems, your network, and databases. A Secure Configuration Audit protects against sophisticated, targeted, long-term attacks in which hackers gain access to privileged systems and data.
Leading technology advisory firm Gartner considers configuration hardening an essential defense against targeted attacks.
Source Code Review
Source code review discovers hidden vulnerabilities and design flaws, and verifies whether key security controls are implemented. Cydcon uses a combination of scanning tools and manual review to detect insecure coding practices, backdoors, injection flaws, cross-site scripting flaws, insecure handling of external resources, weak cryptography, etc. Our skilled code reviewers evaluate the entire code layout of the application, including areas that wouldn't be analyzed in an application security test, such as entry points for different inputs, internal interfaces and integrations, data handling and validation logic, and the use of external APIs and frameworks.
Risk and Compliance Audit
A Risk Assessment is critical for understanding the various threats to your IT systems, determining the level of risk these systems are exposed to, and recommending the appropriate level of protection. Above Security's Risk Assessments provide analysis and interpretation of the risks present in your organizational and technical environment. The objective of this analysis is to provide you with relevant information necessary to make an informed decision as to how to best manage the identified risks.
Ensure that you are not introducing new risks after adding new applications or systems to your environment, making modifications to your existing IT environment, or sharing information with new external entities.