Founded in 2004, SecurEyes comprises a group of dedicated information security professionals from different domains. SecurEyes is based in Bangalore and has carried out several information security projects in India, the Middle East, Africa and the United States of America.
Industry Credentials
Our Consultants have:
Vast experience in providing information security consulting services for large banks, telecom and government organizations in the Middle East and Africa region.
Conducted end-to-end risk assessments for multiple multinational banks across the globe.
Audited 500+ business-critical applications.
Trained over 3000 software developers on secure coding practices.
Been empanelled by CERT-IN, Ministry of Communications & Information Technology, Government of India as IT Security Auditors.
Been actively involved in R&D activities and have spoken at well-known security conferences.
Developed in-house security tools in collaboration with Foundstone (HACKME Bank version 1 has seen more than a million downloads).
Been actively involved in web-based malware research activities to identify, detect and clean malware from websites.
Developed proprietary tools to continuously monitor the websites of our customers.
Governance
IT Strategy Development
IT Governance Design
IT Strategy Planning
Enterprise IT Architecture Development
Enterprise Performance Management
Balanced Score Card Implementation
Risk Management
Business Continuity Management
Information Security Risk Management
Disaster Recovery Planning
Ethical Hacking
ERP / Applications Business Control Audit
VOIP Risk Assessment
GSM Risk Assessment
Compliance
ISO 27001 based ISMS build and accreditation assistance
ISO 20000 based ITSM system build and accreditation assistance
BS 25999 based BCMS system build and accreditation assistance
Payment Card Industry Data Security Standards (PCI-DSS) Compliance Facilitation
Learn the application architecture through:
Available documentation
Meetings / discussions with developers
Develop an understanding of the different component modules in the application along with their dependencies
Study all application interfaces
Study custom communication protocols, if any
Prioritizing
Critical application modules
Interface layers
Identification of insecure coding issues
Discovering and categorizing replicated vulnerable code throughout the application
Carrying out exploit simulation for vulnerabilities found in manual code review
Documenting vulnerable code snippets
Authorization
Information Leakage
Cookie invalidation
Whether multiple logins are allowed for a single user
Reuse of older credentials to gain access
Secure logout mechanism
Session fixation
Session riding
Authentication
CAPTCHA / account lockout
Use of salted one-way hash
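The session and authentication items above are what a reviewer looks for in the code under review; the following is an added illustration (not code from the SecurEyes deck) of a minimal in-memory credential and session store that implements those controls: salted one-way password hashing, account lockout after an assumed threshold, a fresh session ID at login so a pre-authentication ID is never promoted (session fixation), a single active session per user, and server-side invalidation on logout so an old ID cannot be reused. `LOCKOUT_THRESHOLD`, `AuthStore` and all data are constructed for the example.

```python
import hashlib, hmac, secrets
from typing import Optional, Tuple

LOCKOUT_THRESHOLD = 5  # assumed policy: lock the account after 5 failed attempts

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted one-way hash: a random per-user salt and PBKDF2-HMAC-SHA256."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class AuthStore:
    """Constructed example store; a real application would persist these records."""
    def __init__(self):
        self.users = {}     # username -> [salt, digest, failed_attempts]
        self.sessions = {}  # session_id -> username; only live sessions are kept

    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.users[username] = [salt, digest, 0]

    def login(self, username: str, password: str, pre_auth_sid: Optional[str] = None):
        """Return a new session ID on success, None on bad credentials or lockout."""
        rec = self.users.get(username)
        if rec is None or rec[2] >= LOCKOUT_THRESHOLD:
            return None  # unknown user or locked-out account
        _, digest = hash_password(password, rec[0])
        if not hmac.compare_digest(digest, rec[1]):  # constant-time comparison
            rec[2] += 1
            return None
        rec[2] = 0
        # Session fixation defence: discard any ID the client held before
        # authenticating rather than upgrading it to an authenticated session.
        self.sessions.pop(pre_auth_sid, None)
        # Single active session per user: drop the user's earlier sessions.
        for sid, user in list(self.sessions.items()):
            if user == username:
                del self.sessions[sid]
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def logout(self, sid: str) -> None:
        """Server-side invalidation: the old ID is rejected from now on."""
        self.sessions.pop(sid, None)

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)
```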
Reporting
Final report with security risks, impact and solutions
All vulnerable code is depicted using appropriate screenshots
Presentation / call with developers to explain exploit scenarios
Detailed report containing:
Separate executive and technical sections
Prioritized results
Risks described in terms of real business risk
Details of vulnerabilities discovered in code
Step-by-step description of insecure code and possible exploits
No false positives
Practicable recommendations
Confirmatory Review
Post-implementation review
Black-box penetration testing
Ensuring all holes have been plugged by the development team
Internal behavior of the program is completely understood
Best approach for identifying all potential threats
Fool-proof method of securing applications
Identifies even the most remote application security holes
Thank You