Pentesting and vulnerability assessments

Knowing where your systems are vulnerable is the first step to protecting them. Our comprehensive assessment and analysis can reveal the gaps between where you are now and worry-free protection. A clear road map and an action plan designate the right people, processes and technologies to bridge the gaps.

RINJAcom uses its system-reinforcing and technology development expertise to create standard solutions to counter increasingly sophisticated cyber attacks, and security measures tailored for entire organizations and systems.

We offer comprehensive penetration testing and vulnerability assessments to secure your information assets against attacks both inside and outside your infrastructure.

Benefits of RINJAcom cyber security solutions
  • Protect networks and data from unauthorized access
  • Improved information security and business continuity management
  • Faster recovery times in the event of a breach
  • Improvement of confidence in the organization
  • Preserve corporate image and customer loyalty

Project Deliverables

The results of the project will be documented in a Security Assessment Report, which will include the following:

•  Executive Summary with a matrix of high-priority issues identified and a “layman’s” description of impact suitable for senior management
•  Comments on common areas of security weaknesses
•  Technical Overview of issues identified, including:

    •  Name of web application
    •  Security weakness (e.g. input validation flaw allows denial of service condition)
    •  Potential impact (e.g. High, Medium, Low)
    •  Description of impact (e.g. an authorized user can insert invalid input into the application, causing a denial of service condition requiring full system reset)
    •  Evidence of impact (e.g. screenshot, system log extract, system code extract)
    •  Technical description of suggested fix (e.g. perform known good input validation of the following form fields in the web application)

•  Videos of the successful attack patterns, to be used to highlight the issues to management

The RINJAcom cyber security approach

  • PHASE 1 – NETWORK SECURITY ASSESSMENT
    This phase ensures the network devices protecting the Web servers are configured correctly, including border-facing routers, switches, and firewalls. This will involve the following:

    •  Network Discovery – Using a combination of public and proprietary network mapping tools, network sweepers and port scanning tools, RINJAcom will gather accessible information about the physical network structure and identify available network services.
    •  Network Configuration – The configuration of firewalls, routers and switches will be examined for any anomalies against your company’s procedures and standards. SNMP strings and encrypted passwords will be examined, as well as ACLs and open ports.
    •  Vulnerability Identification – After confirming the system’s identification, RINJAcom will conduct vulnerability assessment activities with open source tools and our proprietary vulnerability database in order to identify potential vulnerabilities in all network devices.
    •  Exploitation Testing – After gaining express approval for the nature and time of testing, RINJAcom will attempt to confirm vulnerabilities using exploit code developed and tested for the task. This includes documentation and video footage to demonstrate the effectiveness of the attack.

  • PHASE 2 – SECURITY ASSESSMENT OF SERVER OPERATING SYSTEMS AND WEB SERVERS
    In order to assess the security of the server operating systems and web server software, the following phases of the Security Assessment methodology will be undertaken using your Policy and other standards.

    •  Operating Security Controls – RINJAcom conducts a full review of your company’s server platform housing the web server. This includes but is not limited to: patch levels, registry lockdown, user accounts, service accounts, file permissions, enumeration settings and SNMP configuration. Open source and commercial tools will be utilized.
    •  Web Server Security Controls – A full review of your IIS/Apache configuration including but not limited to lockdown, removal of the default configuration, modules selected, log file security, patching, consoles, and retention. Open source and commercial tools will be utilized.
    •  Vulnerability Identification – After confirming the system’s identification, RINJAcom will conduct vulnerability assessment activities with open source tools and our proprietary vulnerability database in order to identify potential vulnerabilities in all services.
    •  Exploitation Testing – After gaining express approval for the nature and time of testing, RINJAcom will attempt to confirm vulnerabilities using exploit code developed and tested for the task. This includes documentation and video footage to demonstrate the effectiveness of the attack.

  • PHASE 3 – SECURITY ASSESSMENT OF WEB APPLICATIONS
    The final phase is where the majority of hacking attacks take place. Cookies, code, encryption types, randomness and input validation will be carefully analyzed. These attacks are not stopped by firewalls and now account for 70% of all successful hacker attacks.

    •  Code Inspection – All web server code, including PHP, JAVA, C# (.NET) and HTTP, will be inspected for potential buffer overflows.
    •  Administrative Interfaces – To determine the extent of any administrative interfaces used and whether or not they are secure.
    •  Authentication and Access Control – To determine the adequacy of the authentication and access control configurations.
    •  Configuration Management – To determine the adequacy of change management procedures.
    •  Input Validation – To determine whether the web application can be manipulated by inserting invalid input in order to extract sensitive information or perform unauthorized functions.
    •  Parameter Manipulation – Determine whether parameters in the web applications can be manipulated to extract sensitive information or perform unauthorized functions.
    •  Session Management – To identify the session management mechanism used and to determine any security control weaknesses.
    •  Business Logic – Determine whether business logic controls can be bypassed.
    •  Links – Review of any links to other connected servers including middleware/database servers.

Our Managed IT services will help you succeed. Let’s get started

How It Works

  • Let’s Talk

    We’ll chat about your business, how you use technology, and how our solution can help (+233553758449).

  • Choose Your Plan

    You’ll choose the IT service and plan that works best for your organization.

  • Start Your IT Experience

    Within days, you’ll be experiencing RINJAcom IT solutions like never before.