Services

You realize the importance of information security and the implications of inadequate security, which could result in error, fraud, and disruption to business. The challenge is to get the right balance: no-nonsense reports that address the challenges and business risks based on detailed technical findings, without losing the business owners. We can help you with the following:

For all testing activities we use the following steps:

  • Map relevant components (application servers, database servers, routers, switches, management workstations, etc.).
  • Scan the mapped devices for weaknesses.
  • Exploit the found weaknesses to prove that we're not talking about an abstract risk or a hypothetical attack but about real-life threats that are relevant to your business.
  • Report the technical findings, the associated business risk and recommendations to resolve the issues.

SAP infrastructure penetration testing

In many organizations SAP environments are critical for business continuity. Successful hacking attempts might directly impact your business. SAP user authorizations are often audited on a frequent basis. Used hardware is documented in the configuration management system. But what about the database, operating system and network that are used by the SAP environment?

  • Did you change all the default passwords of the database and did you apply password complexity rules for database users?
  • Are the operating systems 'hardened' to keep unwanted guests out?
  • Are the network flows secure to avoid network eavesdropping by curious employees?

In many implementations the insecure default system and network settings are never changed, an open door for hackers.

Dexlab's SAP infrastructure penetration testing looks at the system as a whole. We check all important links in the chain to keep your critical data secure.

Network penetration testing

Do you provide network access to your guests and contractors? Probably you do. Do you monitor temporary personnel for suspicious behavior on the network? Probably you don't. In that case the logical security of your information relies on adequate IT management. An adequate level of IT management is difficult to accomplish. Think about the following:

  • How many employees are working for your company and how many accounts are activated?
  • Were all important passwords changed the last time a system administrator or high-ranking IT staff member left the company?
  • Are all applications tested for security weaknesses before going live?
  • Do you keep track of critical system changes?
  • Is all your software still supported by the vendor?
  • Are all software patches installed weekly?

Many companies need to maintain anywhere between dozens and thousands of systems. A hacker needs only one weak spot.

Dexlab would like to help you find the weak spots in your network, allowing you to fix weaknesses before a hacker finds them.

Web application penetration testing

Although many organizations do an excellent job of securing their perimeter networks and web-connected systems from attack, little is still being done to ensure that their publicly accessible applications are secure.

  • Are code reviews performed to detect backdoors and insecure program code?
  • Are all applications tested for security vulnerabilities before going live?
  • Are all (critical) application changes tested and documented?
  • Is critical database content (SSNs, credit card information, etc.) encrypted to limit the damage in case of a compromised system?
  • Do you check the integrity of system and data files regularly?

If the answer to one of these questions is "no", you might be at risk. Perhaps your hacked website will be in the newspaper tomorrow. Web application testing can be an effective way to determine which risks can actually be exploited by hackers. This allows you to focus on the most important issues and get back in control in an efficient way.

Dexlab uses a combination of automated tools and manual techniques to perform an in-depth and comprehensive vulnerability assessment of your organization's internal and external web-based applications. We focus on issues as described in the OWASP Top 10 of web application vulnerabilities.

RFID access control review

You want to keep unwanted guests out of your computer rooms, data centers and other places where sensitive and mission-critical information is stored. To do so, procedures cover registration of activated access badges, revocation of access rights and periodic reviews of granted authorizations. In many organizations access control is implemented using wireless technologies: badges with integrated Radio Frequency IDentification (RFID) chips. Systems using RFID can be implemented in a secure way, though many RFID technologies are not secure. Weak technologies include:

  • EM 4x02
  • EM 4x05
  • HID Proximity and multiCLASS
  • Mifare Classic family

Dexlab can help you determine whether a weak technology is used in your system. If a weak technology is used, we can also help you with recommendations to reduce the risk for now and to fully fix the problem in future.

IT audit

Dexlab provides impartial assessment and advice on the quality aspects of IT, such as reliability, security, continuity, confidentiality, efficiency and effectiveness. We are specialized in auditing technical systems, including but not limited to:

  • Databases: MSSQL and Oracle RDBMSs
  • Platforms: Windows and *UX-based operating systems
  • Web applications
  • Network environments

Dexlab professionals include certified CISAs and REs with over 10 years of international IT audit experience.

IT security consultancy

Are you developing new services or technologies that rely on secure IT systems? Are you looking for an independent party to review technical designs or to bring in specific IT security related knowledge?

Please contact Dexlab: we might have the experience you are looking for, from hardening platforms and databases to network flow analysis, from IT forensics to chip card technology including ePassports.
