CYBER SECURITY SERVICES LONDON - BE CYBERSAFE!

It's not often that a day passes without news of another firm being hit by a cyber crime or data breach. There really is no excuse for not taking steps to minimise the risk, just as you do for health and safety, first aid, etc.

It's not only the direct loss of funds that is at risk: brand damage and disruption to your business through increasingly likely planned attacks are also at stake.

Cyber Security Bundles

  • Vulnerability Assessment
  • Penetration Testing
  • Cyber Security Program Development (typically for Enterprise Companies)

Certifications

Our security engineers are certified with: Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), Certified Ethical Hacker (CEH) and Certified Information Security Manager (CISM).

If on-site presence is preferred, the rates stay the same; we just add the travel and accommodation costs. You can order specific parts of the services below; the minimum is 1 day. All White-Box tests require some level of collaboration with the development team (user accounts, architecture diagrams, location of sensitive details, etc.). Black-Box tests do not require any additional details.

Vulnerability Assessment (starting package, one day)

Black-Box Pentest - Web and Network Pentesting - Attacks without authentication

  • 20% manual investigation, 80% automated scanning tools
  • Discovery of sensitive public information about the system
  • SQL Injection in authentication mechanism
  • Direct pages access without authentication
  • Webserver sensitive files access
  • Brute-force
  • Admin account discovery and brute-force
  • Server side exploitation: services exploits, misconfigurations, brute-force
  • Business logic: reset password of other users, user enumeration
  • Public exploits
  • User registration process
  • Scanning of ports
  • SSL test: weak cipher usage, sensitive information sent unencrypted, SSL vulnerabilities: Sweet32, BEAST, padding oracles and others
  • Review banners and exploitability for every service

White-Box Pentest - Web and Network Pentesting

  • Authorisation checks
  • Unauthenticated users accessing and altering resources of simple and admin users
  • Web server configuration: error codes, stack traces with sensitive information, HTTP splitting, config files exposure
  • Testing segmentation (for network infrastructure)

Penetration Testing (starting package, two man-days)

Black-Box Pentest - Web and Network Pentesting - Attacks without authentication

  • 20% automated tools, 80% manual investigation and exploitation
  • Discovery of sensitive public information about the system
  • SQL Injection in authentication mechanism
  • Direct pages access without authentication
  • Webserver sensitive files access
  • Brute-force
  • Admin account discovery and brute-force
  • Server side exploitation: services exploits, misconfigurations, brute-force
  • Business logic: reset password of other users, user enumeration
  • Public exploits
  • User registration process
  • and many more

White-Box Pentest - Web and Network Pentesting

  • Authorisation checks
  • Unauthenticated users accessing and altering resources of simple and admin users
  • Simple users accessing and altering resources of admin users
  • Users accessing resources of other users (horizontal attacks)
  • Path traversal: accessing server files in browser
  • Privilege escalation
  • Users provisioning for themselves admin permission
  • Local privilege escalation on server side: from local to root
  • Technology specific vulnerabilities
  • Programming language vulnerabilities
  • Framework vulnerabilities
  • Web server
  • Depending on the technology type discovered, public vulnerabilities for those technologies are tested
  • Web Application & Server specific vulnerabilities
  • Injection Attacks: SQL injection, XSS, HTML, XXE, Code injection, Buffer Overflow, Server side command injection
  • Client Side: Open redirects, ClickJacking, CSS injection, Local storage
  • SSL test: weak cipher usage, sensitive information sent unencrypted, SSL vulnerabilities: Sweet32, BEAST, padding oracles and others
  • Business logic: payments, password change, application misuse scenarios, request forgery, hidden content, process timing (race condition)
  • File upload: malicious file upload, unexpected file upload, server side control using ASP webshells
  • Web server configuration: error codes, stack traces with sensitive information, HTTP splitting, config files exposure

Cyber Security Program Development (long term planning and strategy)

A long-term plan to develop the security posture of a company, based on the Capability Maturity Model. At the end of this period the client will have confidence that its Risk Profile has reached the desired level.

  • On-site and off-site meetings with a Consultant
  • Complete Program Plan, with all the implied projects
  • Coaching throughout the implementation

Subjects Covered:

  • Security Basics: Social Engineering, Physical security, Desktop security, Wireless networks, Password security, Malware
  • Risk Management and Compliance (Risk Catalog; definition of desired certification for example ISO 27001, PCI-DSS, etc.; local and international laws)
  • Roles and Responsibilities (CSO; CISO; CEO)
  • IT Security Governance (Risk Profile; Industry requirements)
  • IT Security Process and Program Management (yearly plan: awareness training, penetration testing, audits)
  • Defining and Monitoring the Security Posture (KPIs)

GET IN TOUCH

For free specialist advice about your company's ICT requirements, please call us on 0208 663 4000 or fill in your details below. We'll respond to you within 30 minutes.

© 2019 360ict Ltd, 160 Victoria St, Westminster, London SW1E 5LB, UK. Tel: 0203 759 5052