Cyber_Security_CyberPact.pdf
- 1. www.cyberpactsolutions.com CyberPact Solutions Pvt Ltd. Bengaluru, Karnataka, India.
- 2. Our Capability Security Services Consultancy Compliance • Application Penetration Testing • Network Penetration Testing • Mobile Application Penetration Testing • Client Side Software Penetration Testing • Audit Cloud Infrastructure • Mobile Device Scan • IoT Security • Mobile Application Reverse Engineering • Virtual CISO • Network/System Configuration Review & Gap Assessment • Forensic Analysis ▪ HDD, Mobile, System and Network • Mobile Application Reverse Engineering • Cyber Fraud Investigation • Cyber Risk Insurance • GDPR ▪ Training, Consultation and Implementation • PDP ▪ Training, Consultation and Implementation • ISO 270001 Audit and Implementation Managed Services Consultancy Compliance • Network/System Configuration Review & Gap Assessment • Forensic Analysis ▪ HDD, Mobile, System and Network • Mobile Application Reverse Engineering • Cyber Fraud Investigation • HSM • Integration • Training • Support • Cyber Risk Insurance • GDPR ▪ Training, Consultation and Implementation • PDP ▪ Training, Consultation and Implementation • ISO 270001 Audit and Implementation • SOX Audit • Process Audit • Security Process Audit • SDLC Offerings of CyberPact Solutions • Application Penetration Testing • Network Penetration Testing • Mobile Application Penetration Testing • API Security Testing • Audit Cloud Infrastructure • IoT Security • Mobile Application Reverse Engineering • Virtual CISO Training • Application Security • Network Security • DevOps • DevSecOps • Forensic Investigation • Threat Hunting • Cloud Security • General Awareness
- 3. VAPT Approach CyberPact helps clients find solutions that aim at complete protection of data and systems of the organization. We are committed to help enterprises achieve maximum security for all applications and systems. Here’s an overview of CyberPact’s Approach to Penetration Testing, which consists of the following elements: • Source code review • Memory Leakage Testing • Usability Testing • Authentication Testing • Session Management • Authorization Testing • Data Validation Testing
- 4. GAP Assessment Methodology GAP Assessment Risk Management Methodology Risk Assessment Risk Treatment Risk Assessment and Treatment Report Statement of Applicability Risk Treatment Plan
- 5. Digital Forensic Methodology OBTAINING & IMAGING FORENSIC DATA FORENSIC REQUEST PREPRATION / EXTRACTION CASE LEVEL ANALYSIS FORENSIC REPORTING ANALYSIS IDENTIFICATION DIGITAL FORENSIC PROCESS
- 6. Sector BFSI VAPT Internal Infra 300 IPs Duration 15 days Key Finding Trojan Horse Detection Impact Trojan Horse could impact the entire network by attacking the systems at a later date. Sector IT Data Centre VAPT Internal Infra 800 IPs Duration 15 days Key Finding Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness Impact Man in the middle attack would have exposed the data being transmitted between two systems to external world Sector Health Tech VAPT Web and Mobile Application Duration 10 days Key Finding Super Admin credentials hardcoded in plain text Impact Anybody could access with super admin credentials VAPT Use Cases
- 7. Use Cases contd. Data Center: Infrastructure VAPT for 800 IPs Health Tech : Mobile Application VAPT (HIPAA) Fintech : Mobile Application VAPT (PCI) Hospital : Web Application VAPT (black box and grey box) Internal Infrastructure VAPT for 300 IPs BFSI : Internal Infrastructure VAPT for 250 IPs Fintech : Mobile and Web Application VAPT Software Development Firm : Web Application VAPT (Black Box) College : Infrastructure VAPT for 300 IPs and Web Application Manufacturing : Process Audit, Web Application VAPT Cloud Audit : AWS, GCP, Azure and Third Party Forensic Investigation for various cases involving monetary fraud, data theft, identity theft, source code theft for various sectors. ISO 27001 GAP Assessment for BFSI, KPO, ODC, Data Center, Data Processing Company.