Halkali Merkez, Dereboyu cd, No:04/154
Kücükçekmece, Istanbul, Turkey
Find us here
ELEMENTS OF THE IT ENVIRONMENT WE ASSESS
IT infrastructure
- Network. We assess the efficiency of your network segmentation, network access restriction, the ability to connect to the network remotely, firewall implementation.
- Email services. We evaluate the susceptibility to phishing attacks and spamming.
Applications
- Web applications. We assess the susceptibility of a web app to various attacks following Open Web Application Security Project (OWASP) Top 10 Application Security Risks.
- Mobile applications. We evaluate the security level of a mobile app following OWASP Top 10 Mobile Risks.
- Desktop applications. We assess how data is stored in an app, how this app transfers information, whether any authentication is provided.
ASSESSMENT METHODS WE APPLY
Automated scanning
To start the vulnerability assessment process, ScienceSoft’s security engineers use automated scanning tools the choice of which depends on each customer's needs, requirements and financial capabilities. These scanners have databases, which contain known technical vulnerabilities and allow detecting your company’s susceptibility to them. The main advantage of the automated approach is that it is not time-consuming and ensures a wide coverage of security weaknesses possibly existing in a range of devices or hosts on the network.
Manual assessment
ScienceSoft’s security testing team performs the manual tuning of the scanning tools, as well as subsequent manual validation of the scanning findings to eliminate false positives. Upon the completion of such manual assessment performed by our specialists, you get reliable results containing only confirmed events.
Web design to ensure more customers
Target sales premium
COOPERATION MODELS WE OFFER
One-time services allow getting impartial security level evaluation and avoiding vendor lock-in. Choosing this cooperation model may help a customer to form an opinion on the vendor and decide whether to cooperate with them afterwards. ScienceSoft is ready to offer you one-time services to assess the protection level of your network, application or another component of the IT environment. When getting acquainted with the target of assessment, our security testing team thoroughly studies the details, i.e., gathers the information on software installed on the devices in the network, understands the basic configuration of the devices, collects the available public information on the known vulnerabilities of the device version, vendor, etc. After that, assessment activities are carried out.
Opting for managed services means building long-term relationships with one vendor. Once the information on your IT infrastructure is gathered in the course of the first project, the vendor is subsequently able to carry out vulnerability assessment spending less time on the project and reducing the costs for you. If you want to stay fully aware of any decreases occurring in your company’s security, ScienceSoft suggests putting vulnerability assessment in your list of regular tasks and offers the appropriate services conducted on a regular basis. We have all the necessary resources to perform vulnerability assessment quarterly, half-yearly or once a year depending on your need to meet regulatory requirements, the frequency of applying significant changes in your network, application, etc.
Regardless of the chosen cooperation model, we provide you with a final vulnerability assessment report upon the completion of the process. The report is split into two parts – a technical report (comprehensive details on the assessment activities performed by ScienceSoft’s security engineers) and an executive summary (the information on your overall security state and the revealed weaknesses easy to understand for employees with limited knowledge in the security area). Moreover, we are ready to give you valuable recommendations concerning corrective measures that should be implemented to remediate the revealed vulnerabilities.