ICT Security Services is the standardized vehicle for security and privacy investigations and assessments. Ali Info Tech lengthy experience has demonstrated that every client and every engagement is different. Therefore, we have a wealth of standardized modules to populate the framework, each engagement is different, and therefore, customized. Security Assessment is a process of assessing the security posture of a computer system or network by simulating an attack by a malicious user or hacker. The focus of testing involves is attempting to exploit any security holes and vulnerabilities identified in the standard testing and auditing services. Once the Network Security Assessment are completed, we would plan out a draft to do some further testing on those vulnerable system based on the results or findings. The security assessment services that we cover include External Penetration Testing, Internal Penetration Testing, Web Application Penetration Testing, Wireless Penetration Testing, Database Penetration Testing, Network Devices Assessment and Source Code Review. The following international standards and guidelines are adopted into our security assessment methodology. • The Open Web Application Security Project (OWASP) • VulnerabilityAssessment.co.uk • Institute for Security and Open Methodologies – OSSTMM2.2 • NIST SP800-42 Guideline on Network Security Testing • Information Systems Security Assessment Framework (ISSAF) • WirelessDefence.Org
We also focusing on IT Security products such as SIEM, Web Application firewall (WAF), AntiDDOS solutions, Cloud Security, Advanced Persistent Threat (APT), Unified Threat Management (UTM), Mobile Device Management (MDM), Log Management Analysis and Managed Security Services. Our security expert team is well equipped with relevant security experience and skills supported by professional certifications; namely CEH, CHFI, AntiDDOS, WAF and other certifications.
For External & Internal Penetration Testing, Ali Info Tech follows the best practices and guidelines from OSSTMM2.2, NIST SP800-42 Guidelines on Network Security Testing and VulnerabilityAssessment.co.uk. There are 5 phases to perform External & Internal Penetration Testing: Planning, Discovery, Verification, Reporting and Post Corrective Action.
Web Application Penetration Testing follows the best practice and guideline from OWASP (Open Web Application Security Project). Web Application Penetration Testing contains five phases: Planning, Discovery, Verification, Reporting and Post Corrective Action.
For Wireless Penetration Testing, we follow the best practices and guidelines from ISSAF and WirelessDefense.org. There are 5 phases to perform Wireless Penetration Testing: Planning, Discovery, Verification, Reporting and Post Corrective Action.
Database Penetration Testing, we follow the best practices and guidelines from OSSTMM, NIST and ISSAF. There are 4 phases to perform Database Penetration Testing: Planning, Discovery, Verification and Reporting.
For Network Devices Assessment, Ali Info Tech follows the best practices and guidelines from OSSTMM, NIST and ISSAF. There are 4 phases to perform Network Devices Assessment: Planning, Discovery, Verification and Reporting.
For Source Code Review Assessment, Ali Info Tech follows the best practices and guidelines from OWASP Code Review Project and GitLab Code Review Guidelines. There are 5 phases to perform Source Code Review Assessment: Preparing & Compiling Source Code, Discovery, Source Code Vulnerability Scanning, Verification Analysis and Reporting.
Contat us now!CALL OR CONTACT