SBS – Security Meter Penetration Testing service proactively attempts to break into your system to assess your level of security preparedness. This helps you get a hacker’s eye view of the system, and it enables you to identify security holes that could be exploited by a remote attacker to compromise your system. At SBS – Security Meter, we employ penetration testing tools and techniques that are constantly updated to include all known threats and risks. This means that after your system is tested & certified, it can be used with the absolute assurance that it is secure.
There are three components to this service:
Light perimeter test – testing the strength of the perimeter from a remote location.
Full perimeter test – verifying the security of the perimeter, the servers in the DMZ, with remote exploitation of the DMZ, and accessible internal systems.
Internal test – the ‘trusted-insider’ test, launched from inside the client’s network, with internal exploitation.
Who needs it?
Penetration tests are a standard requirement for any e-business client, especially banks and financial institutions, that must comply with information security regulations in order to conduct business online. Organizations manage to deliver the confidentiality and integrity that their business demands by making use of the efficiencies of the Internet. Some of the penetration tests we have conducted include:
An Internet banking site for the Asia operations of an American bank.
A ‘certificate authority infrastructure’ for a Middle East-based payment gateway.
A depository services company in Asia.
An Internet trading site for a leading Asian enterprise.
A network infrastructure for a top British financial group.
What do you get?
SBS – Security Meter will provide a detailed report after completion of the pentest. The report will highlight the weaknesses in the system that affect the availability, reliability and integrity of information assets. It will also provide the solutions for covering each identified risk. This report will contain the following:
Categorization of weaknesses based on risk level
Details of security holes discovered
Emergency quick-fix solution for discovered vulnerabilities
What do we promise?
SBS – Security Meter employs a wide variety of tools and techniques to carry out penetration testing. Each and every test is carried out by skilled security testers, and the results are manually verified before being communicated to you. The end result is that you get a comprehensive and accurate understanding of your security posture and can immediately take mitigating steps to close any identified weakness.
SBS – Security Meter Vulnerability Assessment (VA) service helps you identify the vulnerabilities that exist on the network as well as on hosts, and it also determines the methods of mitigation. It covers network equipment such as routers, switches and firewalls, and operating systems such as Windows, Solaris, Linux and others. While a penetration test provides an external view of security status, the vulnerability assessment service provides a detailed view of internal security issues arising from insecure configurations, weak settings, and policy non-compliance on your IT assets. These issues could lead to compromise from insider threats.
How do we do it?
The vulnerability assessment is conducted in accordance with leading international security standards. We use our proprietary tool, CVA, for fast and accurate auditing of each system and for producing customizable reports. The reports can be aligned to any of the regulatory standards that your organization is required to comply with. Our team of skilled security professionals then manually verifies the tool results and provides recommendations for mitigating the identified security issues.
What do you get?
SBS – Security Meter will provide a detailed report after completion of the assessment. A VA Report will highlight the weaknesses in the system that affect the availability, reliability and integrity of information assets. It will also provide the solutions for covering each identified risk. The VA report will benchmark the findings of the assessment with the SANS Top 20.
Details all the vulnerabilities found in the servers, operating systems and the server applications. This will cover both logical and physical protection.
Assesses the mechanisms for protecting the confidentiality of sensitive information and possible gaps for their compromise, both internally and externally.
Recommends measures to overcome the weaknesses and solutions for strengthening security.
What do we promise?
SBS – Security Meter vulnerability assessment service follows globally accepted standards on device configuration to ensure your systems are strongly protected. Using custom-built audit tools for each platform, we quickly and accurately identify weak settings, policies and configurations in multiple assets across your organization. With strong manual intervention in checking the tool output and proven solutions for mitigation, our VA report can be put into action immediately in your organization.
When it comes to security threats, application layers are the most sensitive areas and the most likely to be affected.
SBS – Security Meter is at the forefront of application security testing methodologies. SBS – Security Meter’s Application Security Certification program builds trust among customers by assuring them that their applications are truly secure. SBS – Security Meter provides three different levels of testing: greybox testing, security code review and application penetration testing.
Greybox testing works around the concept that if one knows something about how the product works from the inside, one can test it better, even from the outside. The security code review test gives you exact knowledge of the security strength of your application and code sets. This test is also followed by a clear and concise report for mitigation, which enables you to know your security-related priorities. Application penetration testing proactively attempts to break into your network to assess your level of security preparedness. It gives you a hacker’s eye view of the system, and helps you identify security holes that a remote attacker can exploit to compromise your network.
How do we do it?
We test your software exhaustively for holes that drain your valued data. We then recommend a solution to be executed. Thereafter the software is re-tested. If it passes, the SBS – Security Meter Application Security Certificate is yours. To ensure that your application is well protected and secured, SBS – Security Meter issues a certification document which defines the criteria that are used to evaluate an application for the Certificate. An application must demonstrate, through remote testing, that these security criteria are met before it is awarded the Certificate.
What do you get?
You would be able to:
- Use your application with the confidence that it is secure.
- Eliminate threats by raising the threshold for potential intrusions, theft and fraud.
- Give stakeholders in your application tools that meet the highest security standards.
- Reduce your customers’ security concerns.
- Satisfy management and external auditors that you have taken the initiatives necessary to safeguard internal security (SAS70, ISO 27000, HIPAA, GLBA and other regulations).
What do we promise?
- You receive on-demand service with the flexibility to schedule your tests.
- You pay only for penetration testing when you need it without spending extra on tools or infrastructure.
- You receive a testing service that digs deep to uncover all potential risks.
- You receive written proof that your application meets all your security requirements.
- You receive support through your mitigation lifecycle.
Security Code Review
The security code review enables scrutiny of your application standard code and other code sets for accidental security vulnerabilities and deliberate application backdoors. The test gives you exact knowledge of the security strength of your application and code sets. This test is also followed by a clear and concise report for mitigation, which enables you to know your security-related priorities.
SBS – Security Meter Role
The security code review offerings by SBS – Security Meter can leverage leading commercial tools, SBS – Security Meter proprietary tools and special teams with dual expertise in security and software development. With mergers and acquisitions becoming commonplace and with software development being outsourced or offshored, our customers are increasingly seeing the need to conduct comprehensive security code reviews of mission-critical applications.