Penetration Testing and Vulnerability Assessment
“The biggest risk that an organization can face is assuming that they are secure when in fact they are vulnerable”.
What type of penetration test do you want performed? For organizations new to penetration testing, we recommend starting with an external network penetration test, which will assess your Internet-accessible systems in the same way that an attacker anywhere in the world could access them. Beyond that, there are several options:
Network Penetration Testing
Our research-driven Network Penetration Testing services are specifically designed to test entire IT infrastructures or individual components of the network architecture, such as routers, firewalls, servers and client end devices. These services are ideal for HIPAA/HITECH, PCI DSS, and other similar requirements. Typically we start these types of assessments with only a network connection on the corporate network, but a common variant is what we call an “Insider Threat Assessment,” where we start with one of your standard workstations and a standard user account.
Web Application Penetration Testing
Our Web Application Penetration Testing services are specifically designed for testing a single web application or entire application farms. These services are ideal for HIPAA/HITECH, and PCI DSS requirements 6.6 and 11.3.2. A review of custom web application code for security vulnerabilities such as access control issues, SQL injection, cross-site scripting (XSS) and others is part of this service. These tests are best done in a test or development environment to minimize impact to the production environment.
Wireless Penetration Testing
Wireless Attack and Penetration Testing consists of strategic and isolated attacks against the client’s wireless systems. SecureBeans consultants will simulate hacking and attempt to identify, exploit, and penetrate weaknesses within these systems. A detailed security assessment also includes a survey of the location looking for unauthorized (“rogue”) wireless access points that have been connected to the corporate network and are often insecurely configured.
Social Engineering Penetration Testing
Social Engineering Penetration Testing is designed to mimic the attacks that social engineers with malicious intent use to breach an organization. We employ a number of techniques covering all methods of phone, Internet-based, and onsite physical engagement. Our Social Engineering Penetration Testing service includes a full report of findings and mitigation recommendations, which will be presented in a confidential debrief to your executive staff and security team.
Mobile App Security Assessment
Our team is dedicated to helping today’s leading companies deliver secure mobile apps faster and more efficiently. SecureBeans has created a research-driven mobile testing methodology that incorporates guidance from the OWASP Application Security Verification Standard. SecureBeans’ mobile security testing provides verification and validation across all major control categories, including authentication, session management, access control, malicious input handling, cryptography at rest, and much more.
Digital Forensics & Fraud Investigation
Computer Forensics, sometimes known as “Digital Forensics” or “Electronic Evidence Discovery”, is often described as:
“The preservation, recovery and analysis of information stored on computers or other electronic media”.
Electronic data includes any record, file, source code, program, computer manufacturer specifications, and other imprint on a computer storage device. In many cases “deleted” evidence that is needed for prosecution is still on the hard drive. SecureBeans has the required skill and expertise to recover the data from storage devices with the help of some popular and sophisticated data recovery tools. Our experts can safely enter any microcomputer system, network, or data storage device to recover data and determine whether it has been tampered with, deleted, or damaged. Depending on your particular scenario, SecureBeans experts can search for specific data (such as phrases, files, numbers, or keywords), analyze and determine what different file dates may mean, or verify illegal use of proprietary information.
After the analysis is complete, our investigators will provide you with a comprehensive, yet easy to understand, report about the data on the suspect media.