IT Consultant

Vulnerability Assessment is the systematic examination of an information system or product to determine the adequacy of security measures.

It helps to identify security deficiencies, provide data from which one can predict the effectiveness of proposed security measures, and confirm the adequacy of such measure after implementation

Features:

•Discover and manage all network devices and application

•Identify and remediate network security vulnerabilities

•Measure and manage overall security exposure and risk

•Ensure compliance with internal policies and external regulation

Why is it required?

To identify the present vulnerability that exist in your network (Missing Patches, buffer overflow, default usernames & Password, Un Used user, etc)

How?

•Study the scope of IT architecture & Components required for assessment

•Define the scan policy for each target

•Information gathering, finger printing, port scanning, password analysis, attack stimulation

•Comparing the configuration with the industry standard and rating them

•Scan the targeted network(s) and host(s) based on the define scan policy collect the scan results and analyse for security loopholes, configuration errors, default installation settings, overlooked setup, firmware/software revisions, patch fixes, etc

A penetration test is a method of evaluating the security of a system, application or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weakness, technical flaws or vulnerabilities.

Features

•Enables you to see if the networks and web application can be penetrated

•Gives you a comprehensive list of all security vulnerabilities on your perimeter network

Why is it required?

From a business perspective, penetration testing helps safeguard your organization against failure through proving due diligence and compliance to your industry regulators, customers and shareholder.

A network penetration test typically employs globally accepted approaches based on the penetration testing execution standard (PTES)

1. Information gathering

2. Threat Modelling

3. Vulnerability Analysis

4. Exploitation

5. Post Exploitation

6. Reporting

Deployment Tools

Nmap, Nessus, sqlmap, w3af, nipper, metasploit, zenmap, owasp, burp suite, NIKTO, openvas.

Value Additions

•Follows ISO 27001 benchmarking for information security, ITIL for IT service management and PRINCE2 standard for project management

•Conducts VAPT under several international benchmarking like ISO 27001:2013 standard, sans top 20 and OWASP top 10 etc.

•Core team comprises of CEH/ GPEN / ISO 27001 LA with extensive industry experience encompassing information system assurance, IT security and audits.

•Auditors from certifying authority background (PECB, APMG, BSI, etc.)