Vulnerability Assessment and Penetration Testing

The internet has its benefits and downsides. It has created globalisation, flexibility and ease; however, it also creates a channel for criminals and fraudsters to steal, damage or corrupt the data that is crucial to your business continuity and viability. We all prefer to do business online and as a result provide information that is confidential to us, such as credit card numbers, medical records, authentication data and other personally identifiable data. Consumer confidence is eroded daily by the plethora of news in the media about internet hacking and website and data compromise. This is the case because attackers are aware of the valuable information accessible through the web and make every effort to obtain it maliciously or by exploiting vulnerabilities in the application or business environment.

CARG's highly skilled team of security experts can undertake an internal vulnerability assessment of your business environment to identify where vulnerabilities exist in your existing technologies and business processes. Our experts adopt both a technical and a non-technical approach to complete the vulnerability assessment exercise. The output of the assessment is a report which includes vulnerability type, severity level, technical explanations and remediation instructions.

CARG's team of security experts also conducts penetration testing of application and infrastructure components within your organisation. Penetration testing builds on the vulnerability assessment exercise by attempting to manually exploit the identified vulnerabilities in a similar way to how internet criminals would exploit them.

Some of the vulnerability areas in scope are:

  • Parameter Injection
  • SQL Injection
  • Cross Site Scripting
  • Parameter Overflow
  • Character Encoding
  • Brute Force Authentication
  • ...and many more

Bespoke assessments include:

  • Web and Application Security Assessment
  • Network Security Assessment
  • Internal Network Audit
  • Wireless Security Assessment

Network security assessments include:

  • Firewall assessment and audit
  • Intrusion Detection and Prevention configuration review
  • Router, switch and other network device assessment
  • Windows server configuration assessment and auditing
  • Microsoft Active Directory assessment, relating to GPO and other settings
  • Unix-based server assessment and auditing (including Linux, Solaris, Tru64 and others)

  • 802.11 wireless security assessment tasks: identifying networks and attacking them.