Security Testing Services Sciencesoft

The document discusses security testing services including penetration testing, vulnerability assessment, security code review, and compliance testing. It provides details on the types of penetration testing and describes services related to vulnerability assessment, infrastructure security audit, compliance testing, and security code review.
Security Testing Services

Penetration testing. Vulnerability assessment. Security code review.
Infrastructure security audit. Compliance testing.

www.scnsoft.com © 2021 ScienceSoft ®


Key Facts

ScienceSoft is an IBM Silver Business Partner that has been working in the Security Intelligence area since 2003.

• 18 years in information security
• 700 employees
• 150+ projects in security consulting



Our Customers in Security



Security Testing Services We Provide

• Penetration testing
  to check the protection of the entire IT infrastructure or applications by finding and exploiting security vulnerabilities

• Vulnerability assessment
  to detect and prioritize security weaknesses in the IT infrastructure and provide recommendations on their mitigation

• Infrastructure security audit
  to find vulnerabilities in security policies and procedures, security monitoring tools, physical access control, etc.

• Compliance testing
  to ensure the compliance with PCI DSS, HIPAA, and other regulatory standards

• Security code review
  to identify encryption, buffer overflow, XSS vulnerabilities, and other security weaknesses possibly overlooked in the development phase



Penetration Testing

Penetration testing aims to identify security vulnerabilities and determine whether they are genuine and what damage they may inflict. For that, we exploit vulnerabilities to simulate an attack on the system. We carry out OWASP TOP 10-based penetration testing of:

• Web applications
• Mobile apps
• Remote access
• Network services
• IoT devices
• Client side
• Employee behavior (social engineering testing)



Types of Penetration Testing We Provide

1. Black box model
   We work in life-like conditions having strictly limited knowledge of your network and no information on the security policies, network structure, software and network protection used.

2. Gray box model
   We examine your system having some information on your network, such as user login details, architecture diagrams or the network’s overview.

3. White box model
   We identify potential points of weakness by using admin rights and access to server configuration files, database encryption principles, source code or architecture documentation.



Vulnerability Assessment

Vulnerability assessment intends to identify, quantify and rank vulnerabilities, as well as provide customers with recommendations to help eliminate security risks. We perform automated and manual evaluation to detect security weaknesses in:

IT infrastructure
• Network
• Email services

Applications
• Web apps
• Mobile apps
• Desktop apps



Infrastructure Security Audit

We check the infrastructure to identify vulnerabilities in the following areas:

• Security policies and procedures
• Security monitoring tools
• Physical access control
• Configuration management
• Version control



Compliance Testing

We perform automated scanning and manual analysis to:

• Ensure a customer’s compliance with PCI DSS, HIPAA and other regulatory standards
• Further provide a customer with an attestation letter on the basis of testing results



Security Code Review

We examine an application’s source code to find errors overlooked in the development phase, e.g.:

• Encryption errors
• SQL injection vulnerabilities
• Buffer overflows
• XSS vulnerabilities



Elimination of Detected Vulnerabilities

We have the necessary skills to eliminate vulnerabilities and errors using our own resources, i.e. by engaging:

• Developers
• DevOps engineers
• Cybersecurity team



Cooperation Models

One-time services
• Gathering all the details about the object of assessment
• Impartial security assessment
• Security evaluation without vendor lock-in

Managed services
• Conducting security assessment on a regular basis
• Spending less time and money to implement projects
• Constant awareness of occurring security vulnerabilities



Success Story

Vulnerability Assessment for a US Reporting Services Provider

Customer: A US mobile credit monitoring and reporting services provider

Solution: ScienceSoft assessed the security level of the Customer’s network, revealed critical security issues and prepared the Customer for passing PCI DSS validation

Tools & Methodologies: Nessus, OpenVAS, Nmap, ARP-scan



Success Story

Penetration Testing for a Fintech Company

Customer: A UK financial technology company providing a supply chain finance portal

Solution: ScienceSoft conducted black box penetration testing of the Customer’s supply chain management portal and complementing mobile apps, and defined corrective measures to mitigate identified vulnerabilities

Tools & Methodologies: Metasploit, Nmap, SQLMap, Nikto, DIRB, BurpSuite, Nessus, Zmap



Success Story

Code Review and Penetration Testing of a Cloud App

Customer: An award-winning European IT company

Solution: ScienceSoft performed automated and manual source code reviews and penetration testing of a cloud-based application for tax return, allowing to reveal and mitigate vulnerabilities critical to the security of sensitive data

Tools & Methodologies: Metasploit, Wireshark, OpenVAS, Nessus, BurpSuite, w3af



Success Story

API Penetration Testing for a Bank

Customer: A European bank with $400+ million in assets

Solution: ScienceSoft carried out manual and automated penetration testing using both black box and white box models and provided a detailed report on how to improve the current API security and to ensure the safety of sensitive data

Tools & Methodologies: Nessus, IBM AppScan, IBM Application Security on Cloud, Acunetix, BurpSuite Pro, Sqlmap



Let’s Keep in Touch!

• The United States (Headquarters): +1 214 306 68 37, [email protected]
• Europe (Latvia): +371 2569 2767, [email protected]
• The Nordics (Finland): +358 92 316 30 70, [email protected]
• Gulf Cooperation Council (The UAE): +971 585 73 84 33, [email protected]
