Web Application Security:

Our Client's Needs:

The client wanted to ensure the security of its application and its customers' data. Data security and confidentiality were of paramount importance throughout this project, and the end goal was to assess the security posture of the web application and determine any vulnerabilities that may exist.

Scope of Engagement:

The Client decided to conduct External Web Application Testing of the new web portal and its web services. Our scope included: web application security.

Methodology:

Taking into consideration the Client's requirements, SySmox consultants identified the best methodology that would cater to the Client's goals. The process determined was a unique combination of open-source, commercial and in-house proprietary applications.

A thorough analysis was carried out while meeting industry and legal requirements, identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software, and providing solutions.

Deliverables:

The final report detailed all of the potential vulnerabilities and the successful exploits. After the attack phase was complete, Security SySmox personnel provided a security recommendations document to assist the client's technical staff in improving their technical security posture and their information security policies.

Value Delivered:

Our technical (penetration testing) service allowed the Client to assess the security posture of the new Information Sharing system and the systems directly connected to it. Furthermore, the Client gained the following benefits:

Risk Benefits:

Security SySmox assisted the Client in minimizing the risks faced by the new web portal. Furthermore, they were able to thwart some potentially very serious issues that would have compromised the security of their customers' sensitive information.

Cost Savings:

Security SySmox suggested cost-effective risk-mitigation measures, based on the customer's business requirements, that would ensure security and continuity of the business. Furthermore, we were able to identify and remediate vulnerabilities that could have been used by malicious users for financial gain. The Client was able to avoid massive financial loss from some logic-based vulnerabilities.

Customer Satisfaction:

Web Application Testing was conducted with minimum interruption to identify security vulnerabilities and potential risks.

Successful Business Execution:

With a complete security engagement, the Client was able to launch their new web-portal in a huge way and successfully make it one of the leading financial portals today.

Avoided Compliance Violation:

Our Client was able to avoid and remediate vulnerabilities that would have caused serious violations of Compliance and Regulatory obligations.

Network and System Penetration Testing

How secure is your server and network? Get the benefits of a standard evaluation and an additional specialist server and network Security report.

Scan server network:

Scan server network for all open ports and all active services. During the Penetration stage, SySmox scans your hosting and network.
During the scan process we discover extensive information about each device's operating system, any open ports and any TCP/IP, ICMP, UDP, SNMP and DHCP services running on your device.
SySmox also discovers and tests switches and routers connected to your servers. Tests for each specific known vulnerability fitting your system's profile are run. Many additional tests are also conducted for each device, such as factory default or easy-to-guess passwords, etc.

Devices Scanned:

Web servers, Application servers, Email Servers, Database Servers, Firewalls, Routers, Addressable Switches and Hubs, FTP Servers, LDAP Servers, Load Balancers.

Services Scanned:

DNS, CGI, Databases, E-commerce, FTP, FrontPage, General Remote Services, Hardware & Network appliances, Information services (NIS, LDAP, WHOIS), News, IRQ, SMTP and all Mail Transfer, all TCP/IP, ICMP, UDP, SNMP, DHCP, HTTP, Telnet and SSH, all UNIX and Linux, all Windows; databases and frameworks.

Identify and report:

During the Identify stage, SySmox reviews each fingerprint item using manual and automated scanning and hacking techniques, checking thousands of vulnerabilities.
The SySmox security report matches your system's fingerprint against each new penetration hack, worm, badware, trojan or other threat as soon as it appears.
SySmox identifies specific threats that apply to your servers and provides solutions.

Tests and recommendations:

The final report detailed all of the potential vulnerabilities and the successful exploits and hacking attacks. After the test phase was complete, Security SySmox personnel provided security recommendations in a report to assist the client's technical staff in improving their technical security posture and their information security policies. We also provide you with recommendations for patches that apply to your specific system configuration.