Ethical Hack / Penetration test
Our team will test your application using automated and manual penetration test to identify security weaknesses and provide recommendations for their mitigation. Regularly conducting such tests and doing them when major changes have been done are good practice. Our team specialises in LAMP environments for such tests and uses its own testing methods based on recommendations and guidelines from OWASP, SANS CWE Top 25. After testing our team will release a vulnerability report and analyse the results with your team to help with the remediation.
To understand more please download our “Application ethical hack scope guideline” document.
Server security consultancy with optional secure hosting
Our system administrators have years of experience and can take a look at your setup to make recommendations on a more secure environment. Additionally we can provide a secure hosting environment for your projects. Secure hosting requires us to review our standards regularly, ensure the latest updates are always available and do a customised setup keeping server hardening in mind. Along with security backup and recovery solutions we ensure that if a failure does happen we have solutions in place for a quick recovery. Archival backups ensure we can refer to older versions.
Compliance, processes and documentations
We help companies review their application/website, help them getting started with their policies and guide and help them creating documentation and processes for system/network architecture, data classification, data security storage/transmission, password policy, backup policy, encryption protocols and tools, physical security, data retention/disposal, change management, account management, risk management, policy exceptions, asset management, logging policy, monitoring policy, security incident management and business continuity.
System performance check (LAMP environment)
System performance checks are vital on regular basis as they ensure your current architecture is able to take some limited stress as and when needed. This ensures you are better aware of the limitations of the system, and also if the application can be tweaked to reduce its processor/memory requirement which in turn allows the environment to serve more pages and allow more visitors. We can help: create guidelines for testing system performance; in testing your application with stress tests; create reports and make recommendations for changes to achieve faster/better performance.
Coding review (LAMP)
Helping your team reviewing their coding strategy keeping security in mind. Avoiding top vulnerabilities like SQL injections, XSS attack. CHelping your team reviewing their coding strategy keeping security in mind. Avoiding top vulnerabilities like SQL injections, XSS attack. Confirming recommendations from OWASP like injection, broken authentication and session management, cross-site scripting (XSS), insecure direct object references, security misconfiguration, sensitive data exposure, missing function level access control, cross-site request forgery (CSRF), using components with known vulnerabilities, unvalidated redirects and forwards. Our team will review and then advice the best solution forward considering costs for the changes as well.
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) is a strong and unified data General Data Protection Regulation (GDPR) is a strong and unified data protection for all individuals within the European Union (EU). You are in scope if you are a data controller (organisation that collects data from EU residents) or processor (organisation that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. We can help you ensure meeting the requirements of GDPR and having your policies and practices in place. The regulation was adopted on 27 April 2016 and it has become enforceable since 25 May 2018.
Security audit with risk register
For non intrusive security audits we have a team which has experience over several years in web programming, database, network architecture, server hosting, security audits and security testing. This involves us going through various areas like application security, data security, infrastructure, access management, monitoring and logging, organisational policy etc via our customised assessment approach. Our findings will be reported back as a risk register which is an industry standard for risk management. We will be available for help and discussions at each step.
To understand more please download our “Security audit scope guideline non intrusive” document.
Security training to staff
Humans form part of the security checks and humans make mistakes, they either forget, don’t understand the consequences or fall prey to malicious practices. Training your staff on security aspects is an important activity, one that needs to ideally be repeated every year. We help understand the immediate risks for your company and conduct training sessions to ensure your staff is aware of the risks, whether it’s based on a recent incident or a general security awareness. At the end of the training, we offer a Q&A session, and share our training documents.