Overview
Randtronics provides penetration testing services, web application security assessments
and application source code reviews. We use the same tools and techniques
as criminal hackers, but in an ethical manner, to protect your private confidential
business information.
Our services are performed by trained and highly skilled security consultants. They
can be provided as a one-off assessment, or periodically as part of an ongoing vulnerability
management program. Furthermore, we can help you achieve compliance with security
assurance requirements specified in industry regulations and standards such as PCI
DSS, ISO 17799/27001, SOX, HIPAA, and APRA.
Professional Services
Network Penetration Testing
Our penetration testing (ethical hacking) services assess the security of your IT
environment. Our services go beyond an automated vulnerability assessment
based on scanning tools: we detect vulnerabilities and demonstrate how and to what
extent an external hacker or trusted insider of your organisation could exploit
them to breach your networks and servers, threatening the confidentiality, integrity
and availability of the systems holding your private confidential business information.
Randtronics adheres to the Open Source Security Testing Methodology Manual (OSSTMM),
an open standard which is peer reviewed and provides a comprehensive testing methodology
for security assessments. Our services include:
- External penetration testing: We assess the security of your network infrastructure
(routers, switches, firewalls), wireless access, servers, operating systems, databases
and applications. Testing can be performed according to a black box or grey box
approach simulating external hackers with varying degrees of knowledge of your infrastructure.
- Internal penetration testing: Internal assessments use the same methodology
as an external assessment, but they are performed on-site and simulate trusted insiders
(rogue employees or contractors) with legitimate access to your corporate network,
or external hackers who have successfully breached your perimeter defenses.
At the end of the assessment, Randtronics delivers a report aimed at informing both
management and technical staff of risks to your IT environment. Our consultants
remain available at all times to provide ongoing guidance and discuss recommendations.
Web Application Security Assessment
With the rise of web applications, private confidential business information is
shared more and more with customers and business partners through web interfaces.
Along with the benefits and convenience comes increased risk, as hackers may be
able to exploit vulnerabilities and obtain unauthorized access to view and modify
sensitive data. Data breaches could lead to reputational damage, financial costs,
legal actions and regulatory non-compliance.
Studies have reported a high incidence of common web application vulnerabilities
such as broken access controls, SQL injection and cross-site scripting. These vulnerabilities
have led to many high profile incidents.
Our web application security assessments evaluate the security of your web-based application
or e-commerce portal. We demonstrate how web application vulnerabilities
could be exploited, resulting in data breaches, and provide remediation guidance.
Testing can be performed externally for public-facing web applications or internally
for intranet applications. Either a black box or grey box approach can be used,
simulating attackers with varying degrees of knowledge of the application.
Randtronics has developed a comprehensive testing methodology and adheres
to guidelines issued by OWASP (Open Web Application Security Project), a worldwide
free and open community focused on improving the security of application software.
Application Source Code Reviews
Randtronics provides source code reviews (white box testing) to improve the security
of your applications. Our security consultants have extensive software development
experience in all major programming languages. We use an efficient and effective
review methodology, based on open-source and commercial tools for automated analysis
combined with manual review techniques. Source code reviews can be performed separately
or in conjunction with a web application security assessment as both approaches
are complementary.
For More Information
For more information, download our Security Services Brochure.
For more information about Randtronics professional services, feel free to
Contact Us.