Security Services

Overview


Randtronics provides penetration testing services, web application security assessments and application source code reviews. We use the same tools and techniques as criminal hackers, but in an ethical manner, to protect your private confidential business information.

Our services are performed by trained and highly skilled security consultants. They can be provided as a one-off assessment, or periodically as part of an ongoing vulnerability management program. We can also help you achieve compliance with the security assurance requirements specified in industry regulations and standards such as PCI DSS, ISO 17799/27001, SOX, HIPAA, and APRA.

Professional Services


Network Penetration Testing

Our penetration testing (ethical hacking) services assess the security of your IT environment. Our services go beyond an automated vulnerability assessment based on scanning tools: we detect vulnerabilities and demonstrate how and to what extent an external hacker or trusted insider of your organisation could exploit them to breach your networks and servers, threatening the confidentiality, integrity and availability of the systems holding your private confidential business information.

Randtronics adheres to the Open Source Security Testing Methodology Manual (OSSTMM), an open standard which is peer reviewed and provides a comprehensive testing methodology for security assessments. Our services include:

  • External penetration testing: We assess the security of your network infrastructure (routers, switches, firewalls), wireless access, servers, operating systems, databases and applications. Testing can be performed according to a black box or grey box approach simulating external hackers with varying degrees of knowledge of your infrastructure.
  • Internal penetration testing: Internal assessments use the same methodology as an external assessment, but they are performed on-site and simulate trusted insiders (rogue employees or contractors) with legitimate access to your corporate network, or external hackers who have successfully breached your perimeter defenses.

At the end of the assessment, Randtronics delivers a report aimed at informing both management and technical staff of risks to your IT environment. Our consultants remain available at all times to provide ongoing guidance and discuss recommendations.

Web Application Security Assessment

With the rise of web applications, private confidential business information is shared more and more with customers and business partners through web interfaces. Along with the benefits and convenience comes increased risk, as hackers may be able to exploit vulnerabilities and obtain unauthorized access to view and modify sensitive data. Data breaches could lead to reputational damage, financial costs, legal actions and regulatory non-compliance.

Studies have reported a high incidence of common web application vulnerabilities such as broken access controls, SQL injection and cross-site scripting. These vulnerabilities have led to many high profile incidents.

Our web application security assessments assess the security of your web-based application or e-commerce portal. We demonstrate how web application vulnerabilities could be exploited, resulting in data breaches, and provide remediation guidance. Testing can be performed externally for public-facing web applications or internally for intranet applications. Either a black box or grey box approach can be used, simulating attackers with varying degrees of knowledge of the application.

Randtronics has developed a comprehensive testing methodology and adheres to guidelines issued by OWASP (Open Web Application Security Project), a worldwide free and open community focused on improving the security of application software.

Application Source Code Reviews

Randtronics provides source code reviews (white box testing) to improve the security of your applications. Our security consultants have extensive software development experience in all major programming languages. We use an efficient and effective review methodology, based on open-source and commercial tools for automated analysis combined with manual review techniques. Source code reviews can be performed separately or in conjunction with a web application security assessment as both approaches are complementary.

 

What We Offer

  • Encryption of Files and Folders - Randtronics DPM File
  • Encryption of Laptops and Desktops - Randtronics DPM File
  • Encryption of Databases - Randtronics DPM File
  • Encryption, Masking, Tokenization of Web, Application and Databases - Randtronics DPM Token Manager
  • Encryption of Metadata in Web, Application and Databases - Randtronics DPM Token Manager
  • Management of encryption keys - Randtronics DPM Key Manager
  • Straightforward integration with a HSM - Randtronics DPM Key Manager
  • Encryption of SAP ERP Systems - Randtronics DPM File and Token Manager
  • Encryption of Oracle Financials - Randtronics DPM File and Token Manager

Randtronics LLC

303 Twin Dolphin Drive
Suite 600
Redwood City, CA 94065
United States

  • +1 (650) 632 4272
  • +1 (650) 591 9901
Randtronics Pty Limited

S1.1, Level 1, Building A
64 Talavera Road
North Ryde, NSW 2113
Australia

  • +61 2 8873 1999
  • +61 2 9870 8560
  • enquiry@randtronics.com

Randtronics © 2002 - 2018