Skip to Content

Cyber Security Services

Consultancy / Security Audit

Service Name Service Components

Vulnerabilities Assessment

Vulnerabilities Scanning

Penetration Testing

Applications\Systems penetration test

Security Policies Consultancy

Design, Review and Maintenance of Security Policy

Security Policies Implementation

Security Policy implementation

CSIRT Services

Service Name Service Components

Incident Management Service

Incident analyze, trace collection, preliminary assessment, incident response, incident response action management

Incident Management

Centralized Vulnerabilities Incident Management

Forensics Analysis Services

Malware forensics Mobile forensics
System forensics
Network forensics
Malware Analysis  
Special investigation services Attack/APT advanced analysis
Incident case Investigation

Threat Intelligence

Service Name Service Components

Threat Intelligence Feeds

Cyber Security Feeds

Cyber Intelligence

 

According with SANS Institute, the goal of a security assessment is to ensure that necessary security controls are integrated into the design and implementation of a project. A properly completed security assessment should provide documentation outlining any security gaps between a project designs and approved corporate security policies.

Visionware integrated the Security Risk Assessment within the commercial methodology based on what are delivered all services and solutions.

Offering and Contracting

Assesses: this phase covers topics like: information discovery, assesing external parties, security assesment categories, etc

Evaluate

Manage

Measure

Operate

For instance, Visionware implemented specific methodology integrated within SDLC for System performance, quality and security reviews and tests.

In this step some specific quality or performance gates, according with each system specific requirements, will be addressed, as follow:
For all applications:

Code quality through peer code review sessions

Other specific actions (ex. penetration tests, load\stress tests, etc) where applicable

Specific for Web Applications Security, following tests, reviews and assessments will be performed:

Vulnerability Assessment (scanning): Source code analysis tools are designed to analyze source code and/or compiled version of code in order to help find security flaws

Penetration Testing – A penetration test, or the short form “pentest”, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data. The process involves identifying the target systems and the goal, then reviewing the information available and undertaking available means to attain the goal. A penetration test target may be a white box (where all background and system information is provided) or black box (where only basic or no information is provided except the company name). A penetration test can help determine whether a system is vulnerable to attack, if the defenses were sufficient and which defenses (if any) were defeated in the penetration test. Security issues uncovered through the penetration test will be reported to the system's owner. Penetration test reports may also assess the potential impacts to the organization and suggest countermeasures to reduce risks.

DAST – Dynamic application security testing (DAST) can be thought of as testing the application from the outside in – by examining the application in its running state and trying to poke it and prod it in unexpected ways in order to discover security vulnerabilities.

SAST - Static application security testing (SAST) can be thought of as testing the application from the inside out – by examining its source code, byte code or application binaries for conditions indicative of a security vulnerability.

Threat Modeling

This step is performed either by system testers, developers or 3rd parties if required. As these services could be provided independently by Visionware specialized team or 3-rd party team, this methodology is separately described within the VW-SRAM (Security Risks Assesment Methodology).