Vulnerability Assessment
Sed diam nonummynibh euismod tincidunt ut laoreet dolor.e magna aliquam erat volutpt wisim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo. Consequatuis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore. Eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Praesent vestibulum molestie lacus. Aenean nonummy hendrerit mauris. Phasellus porta. Fusce suscipit varius mi. Cum sociis natoque penatibus.
Penetration Testing
Acumen Cyber security Services penetration testing service provides an in-depth understanding of how an input, changes data inside the software. We use a proprietary framework to discover multiple attack vectors by passing or inputting data to user interfaces, network interfaces, application programming interfaces (API's), and other places where inputs are processed.
Our tests (external and internal) replicates actions of an attacker to gain unauthorized access and/or gain greater level of access to web applications, e-commerce, ERP, and databases. Main goal of this test is to gain unauthorized access through privilege escalation to enterprise's applications by passing maliciously crafted inputs through potential field manipulation and cookie poisoning, which allows a more focused test of web applications by exposing vulnerabilities that pose potential threats of which traditional network penetration testing is unaware.
To ensure complete and comprehensive analysis the test is performed on all the applications (applications, web based applications, databases, all direct and indirect user inputs, and all interfaces that accept inputs). Our test passes specially crafted input data to web services, user interfaces (logon screens, web front ends), scripts (XML, HTML, etc.), communication paths (network protocols and sockets), DCOM objects, and remote procedure calls (RPCs) to discover all potential attack vectors.
We generate a detailed report outlining successful attacks (code injection, canonicalization, HTML manipulation, buffer overflows, insecure communications, and misconfigurations); characterizing specific vulnerabilities, communication channel used, and exploit code.
Application penetration testing attack modules consist of payloads that belong to one or more of the four major attack taxonomies (interruption, interception, modification, and fabrication). Attack payloads that exploit common categories of application vulnerabilities are listed below: INJECTION FLAWS, CROSS SITE SCRIPTING (XSS), CROSS SITE REQUEST FORGERY,
.
Network Testing & Website Analysis
ACS penetration testing service provides an in-depth understanding of weakest links to enterprise's network that assists in securing information infrastructure from outside and inside attackers. We use a proprietary data-mining framework which is a comprehensive technology employing computational intelligence to exploit discovered vulnerabilities.
Our tests (external and internal) replicates actions of an attacker with an adversarial intent to gain unauthorized access to portions of enterprise's network i.e., any device that has a network address or is accessible to any other device from the perspective of a trusted user and adversary from inside, remote and outside.
We generate a detailed report outlining successful attacks; characterizing specific vulnerabilities, communication channel used, and exploit code. Our penetration tests are targeted; hence we are able to accomplish this with minimal disruption to the client's enterprise operations. Network penetration testing attack modules consist of payloads that belong to one or more of the four major attack taxonomies (interruption, interception, modification, and fabrication). Attack payloads that exploit common categories of network and system vulnerabilities are listed below. Attack Modules that Target Common Vulnerabilities: Kernel Flaws, Buffer Overflows, Race Conditions, File and Directory Permissions, Symbolic Links, Malware
ISO 27001 Gap Analysis
Information Security Governance & Assurance. We audit the security of your company against the ISO 27001 standard.(Policy, Procedures and Processes Review, Industry and Unified compliance) Our services are of particular use to smaller companies that do not have the required internal audit capabilities required for the standard. Larger companies may wish to use our services to audit other companies in the supply chain to ensure they are keeping their information secure.
Banking
We are Subject Matter Experts in analysing and assessing banking networks and application vulnerabilities in order to maintain best practice procedures for patching the required systems and protecting them from intrusion. We have helped conduct a huge project that involved taking data from several servers internationally (using McAfee Vulnerability Manager), liaising with all the different platform and remediation teams, setting targets, baselines and compiling reports for Senior Management.
Our teams assemble pertinent data which is vital to the success of any project - vastly improving the ability monitor and report vulnerabilities thus taking the proper action required for remedial work.
Training and Education
Courses can be tailored to your needs - whether it is employee security awareness as part of a company induction - or ensuring IT staff have sufficient knowledge of current threats, vulnerabilities and countermeasures. Students are encouraged to get into the security mindset and place a relevant vaule on the data they own. Using real life examples of scams together with demonstrations of software vulnerabilities and exploits, our presentations are lively and eye opening