Security Assessment & Advisory

Voicetech is committed to effectively assessing and identifying the cyber risks in enterprise applications, IT systems and security infrastructures (incl. cloud IT environments and on-premise networks) to assist our customers in the timely management of risk issues that pertain to data exfiltration, persistent threats, privilege abuse, etc.

Our cyber security assessment team will assist customers in understanding the inherent security design flaws, vulnerabilities and non-compliances identified in vendor products, and empower customers to proactively manage the open risks through contractual obligations in the vendor contracts.

Penetration Testing services delivered by Voicetech cover black-box and grey-box approaches, combining automated tools and manual techniques to eliminate false positives and determine the exploitable vulnerabilities in applications and infrastructures, and formally report the identified security risks to the senior stakeholders in customer organizations.

Penetration Testing

Voicetech’s Penetration Testing services cover black-box and grey-box approaches, combining automated tools and manual techniques to eliminate false positives and determine the exploitable vulnerabilities in applications and infrastructures, and formally report the identified security risks to the senior stakeholders in client organizations.

Our penetration testing team will adhere to applicable legislative & regulatory requirements and industry standard frameworks, and conduct penetration testing with a holistic, blended approach of industry-proven tools and manual analysis to expose the unknowns. We cover four scenarios during the penetration testing of the customer’s network:
  • external penetration testing without authentication (from the perspective of a ‘naive hacker’)
  • external penetration testing with authentication (from the perspective of an adversarial client or contractor)
  • internal penetration testing without authentication (e.g. from the perspective of a visitor at the company)
  • internal penetration testing with authentication (from the perspective of an adversarial employee).

A. External Network Penetration Testing

External network vulnerability assessment and penetration testing is crucial to demystify the security exposures that can be used to launch a cyber-attack from the internet. The security assessment of internet-facing systems helps discover the vulnerable network services that can be exploited by unknown threat sources.

B. External Web Application Penetration Testing

This penetration test adopts a black-box testing approach to identify the security vulnerabilities in business and enterprise applications, with a blend of automated and manual technical security assessment techniques indicated by the OWASP (Open Web Application Security Project) standard and all other leading industry frameworks.

C. Internal Web Application Penetration Testing

This penetration test is a critical control to secure business and enterprise applications. It follows a grey-box testing approach, which leverages valid credentials of standard and privileged users to ensure that detailed pen testing of the application is performed across the various access levels and related application modules and functions.

D. Internal Network Penetration Testing

Penetration testing of the internal network involves identifying live hosts and active services to determine the vulnerabilities that can be exploited to gain access, and then proceeding with post-exploitation actions such as pivoting, which leverages a compromised system to further enumerate and gain access to other critical systems in the network. The outcome helps the client’s security team reduce the possibility of cyber-attacks by identifying the vulnerabilities and configuration issues that hackers exploit to penetrate the client’s network.

E. Thick Client Penetration Testing

This adopts a grey-box testing approach with valid user credentials shared by the client’s team or created upon free sign-up by the pen tester. Thick client application security testing attempts to elicit exception conditions and anomalous behaviour from the application(s) by manipulating the identified inputs using special characters, LDAP keywords, maliciously crafted requests, etc. Any unexpected reaction from the application(s) is noted and investigated.

F. Mobile Application Security Testing

Mobile application security testing involves reverse engineering the application to identify the business logic and performing local data storage analysis to check the effectiveness of cryptographic controls. Manual assessment refers to various vulnerability databases to identify vulnerabilities that were missed during automated scans, in addition to security verification of business logic flaws, broken access controls, etc., in alignment with the OWASP mobile security standard.

G. Wi-Fi Security Testing

Wireless penetration tests assess the adequacy of multiple security controls designed to prevent unauthorized access to wireless services. Testing attempts to exploit wireless vulnerabilities to gain access to private (protected) wireless SSIDs or to escalate privileges on guest SSIDs intended to be isolated from private networks.

Security Architecture Review

Network Security Architecture & Design review covers both on-premise and managed private cloud environments. It analyses the network schematics and security design considerations for the internet and private WAN perimeter, data centers, de-militarized zones and corporate user network to ensure the protection of the network architecture and business-critical IT assets, sensitive data stores and business-critical external integrations.

Our cyber security architects will:

  • Review the IT solution to define customized security requirements and develop the security architecture & design blueprint
  • Develop technical security configuration standards and support customer teams during the implementation with security advisory
  • Conduct an independent security architecture review of the overall deployment prior to the go-live.

Our Cyber Security Risk Assessment team will conduct assessments aligned to NIST SP 800-37 (Risk Management Framework) and covering NIST SP 800-53 (Cyber Security Framework).

Red Team Assessment

The Red Team Assessment service delivered by Voicetech involves real-world attacks on our client’s organization using tools, techniques and procedures that cover the full attack lifecycle. The well-defined objective is to execute a comprehensive security evaluation of the client organization’s people, process and technology by emulating network security attacks, internet-facing application security attacks, social engineering attacks and physical security attacks, leveraging OSINT techniques to identify and attack all the vulnerable entry points into the client’s organization, and assessing the effectiveness of security incident response.

Our Red Team’s objectives include worst-case scenarios that comprise:

  • Compromising the target's security by exfiltrating data, bypassing the physical security controls and executing attacks against the targeted employees in the organization.
  • Executing tricky attacks, such as low-and-slow attacks, that may go undetected by the security controls managed by the blue team.
  • Exploiting the loopholes and weaknesses in the target’s applications and infrastructure to gauge the effectiveness of the security controls and understand the real security posture.
  • Working closely with the blue team to detect certain types of attacks that went undetected.

Our Red Team's methods include:

  • Gathering information about the target organization using Open Source Intelligence (OSINT) techniques.
  • Deploying command-and-control servers (C&C or C2) to establish communication with the target's network.
  • Performing evasion techniques to evade the security controls managed by the Blue Team.
  • Applying social engineering techniques to lure employees into exposing or revealing sensitive information to compromise their machines.
  • Evading physical security controls to get access into the organization.

New Product Security Assessment

Customers can engage Voicetech’s security assessment team to represent and advocate for them during the security evaluations and proofs of concept (POC) of new vendor IT products, applications and vendor-managed SaaS/PaaS offerings, prior to procurement.

Our scope of technical security assessment covers more than 10 control domains and has a well-defined delineation of roles to avoid overlap with the customer’s vendor risk assessment and management team. Our cyber risk assessment team will assist customers in understanding the inherent security design flaws, vulnerabilities and non-compliances identified in vendor products, and empower customers to proactively manage the open risks through contractual obligations in the vendor contracts.

Device Security Configuration Review

Our security team will review the configuration of systems such as servers, network devices and databases against a predefined configuration checklist. The objective is to identify vulnerabilities due to insecure settings and missing patches.

The checklist can be tuned to map to an organization’s standard operating environment (standard configuration) and can be used to report all non-compliances with it, either one time or on a periodic basis.