Security Testing
Vulnerability Scans
Vulnerability scans are an essential part of a company’s preventive security strategy and also represent a cost-effective alternative to penetration tests. By conducting these scans regularly, potential security risks can be identified and remedied early on before they can be exploited by attackers. The aim of our service is to increase the security of our customers by conducting a comprehensive examination of their systems and networks, while keeping an eye on the cost-benefit factor.
In today’s digital world, it is essential to proactively scan for potential security vulnerabilities. The main reasons for conducting vulnerability scans include:
- Early detection of security vulnerabilities: Identifying vulnerabilities before they can be exploited.
- Compliance: Ensuring that systems and applications comply with applicable security standards and regulations.
- Risk reduction: Reducing the risk of data loss or theft by identifying and resolving vulnerabilities early.
- Improving security posture: Strengthening overall security through continuous monitoring and improvement.
Our goal is to provide a comprehensive assessment of our customers’ security posture through vulnerability scanning. This includes:
- Identification and classification of vulnerabilities: Detection of security gaps in systems, networks and applications.
- Risk assessment: Assessing the potential impact of each identified vulnerability.
- Remediation prioritization: Recommending actions to remediate vulnerabilities based on their risk.
- Improving security measures: Advice on strengthening security infrastructure and practices.
Vulnerability scans are performed in the following steps:
- Preparation: Coordination of the scope and objectives of the scan with the customer.
- Scanning: Use of advanced scanning tools to identify vulnerabilities in the IT infrastructure.
- Analysis: Detailed evaluation of the scan results to identify real security risks.
- Reporting: Preparation of a comprehensive report containing the vulnerabilities found, their risk assessment and recommendations for remediation.
- Debriefing: Discussion of the results and further steps to resolve the vulnerabilities with the customer.
Our vulnerability scans focus on several areas, including:
- Operating systems, applications and databases
- Network components such as routers, switches and firewalls
- Cloud services and configurations
- Web applications and APIs
- Endpoint devices and mobile applications
Tools used include:
- Nmap
- Nessus Professional
- Metasploit
- OpenVAS
- Nuclei
After completing the vulnerability scan:
- Remediation: Supporting the customer in planning and implementing corrective actions.
- Follow-up scans: Conducting follow-up scans to check the effectiveness of the measures implemented.
- Regular audits: Recommending a strategy for regular vulnerability scanning for continuous security monitoring.
Penetration Test
With the help of a simulated attack, we penetrate your company’s IT infrastructure at various levels or examine your software product with regard to the current IT security level. The aim of the analyses is to improve IT security and minimize the risks of a cyber attack.
Hybrid Security Assessment
At SmartTECS Cyber Security, we have recognized that while penetration testing and vulnerability research both aim to improve system security, they are not the same. To meet the challenges of complex or highly integrated systems, we have evolved our approach. Our hybrid security assessments combine elements of vulnerability research with traditional penetration testing to provide a deeper understanding and more comprehensive assessment of our clients’ security posture.
Hybrid security assessment is an approach that aims to fully understand and assess the security of large and complex systems. This goes beyond traditional penetration testing by working directly with the client to gain an in-depth understanding of the system. The process can include aspects of threat modeling, attacker analysis, network testing, architecture review, application testing, reverse engineering and source code review as required.
Hybrid assessment offers numerous advantages over traditional methods:
- Deeper system understanding: By working closely with the customer, our experts can develop a more comprehensive understanding of the system architecture and dynamics.
- Identification of specific vulnerabilities: The detailed analysis enables the identification of specific, often overlooked vulnerabilities in complex systems.
- Tailor-made security solutions: Based on the knowledge gained, we can provide precise and practical recommendations for eliminating security gaps.
- Risk minimization: The approach enables proactive identification and minimization of potential security risks before they can be exploited.
While traditional penetration testing often uses standardized methods to assess security posture, hybrid security assessment is characterized by its flexibility and depth. It takes into account the specific characteristics and requirements of each system, resulting in a more accurate security picture.
To illustrate the effectiveness of hybrid security assessment, we consider a fictitious architecture based on real-world assignments:
A customer operates a complex application landscape with multiple interacting components, including web frontends, microservices, and a cloud-based data pipeline. Our task is to comprehensively assess the security of this architecture.
By working directly with the customer’s development team and conducting in-depth technical analysis, we identify not only obvious vulnerabilities but also subtle security risks resulting from the interaction between components. By combining different assessment methods, we can create a comprehensive security picture and provide targeted recommendations for each identified vulnerability.
The implementation of our hybrid assessment service involves several steps:
- Preparation: Working with the client to determine the scope and objectives of the assessment.
- Deep analysis: Use of threat modeling, attacker analysis, network testing, architecture testing, application testing, reverse engineering, and source code review to gain a comprehensive understanding of the system.
- Assessment: Identification and analysis of vulnerabilities based on the detailed system understanding obtained.
- Reporting: Preparation of a detailed report with the results of the assessment, including specific vulnerabilities and recommendations for their remediation.
Our hybrid security assessment service focuses on a number of testing priorities, including:
- Identification of security gaps in the system architecture and configuration.
- Assessing the effectiveness of security measures and protocols.
- Analyzing applications and APIs for vulnerabilities.
- Checking the security of network components and data transmissions.
- Examination of endpoint and mobile security practices.
Once the assessment is complete, we work closely with our clients to:
- Plan prioritized actions to address identified vulnerabilities.
- Develop strategies for the long-term improvement of the security posture.
- Schedule regular follow-up assessments to ensure the continued security of the system.
Source Code Audit
We use state-of-the-art static and dynamic code analysis tools to thoroughly examine your source code for vulnerabilities and potential security risks. We identify critical vulnerabilities and provide practical recommendations on how to fix the vulnerabilities.
Static application security testing (SAST) is the examination of an application system by reviewing the source code. The analysis covers various levels and perspectives of the application system:
- Application-level verification
  - e.g. implementation of application components, interaction with other software components, etc.
- Checking at class and logic level
  - e.g. implementation of classes, control flows, input validation, etc.
- Checking configurations
  - e.g. for the application server, frameworks used, logging, etc.
A source code audit enables the identification of security vulnerabilities in the early phases of the software development cycle in order to prevent costly changes later in the project (Secure by Design). Since the investigation takes place at source code level, a running instance of the complete software system is not necessarily required for the analysis. By integrating security analyses into the software development lifecycle (SDLC), information and specialist expertise from the field of secure software development can be introduced during development. In addition, the analysis of the source code allows the investigation of configurations and application logic at a deeper level than is the case with a comparable form of investigation during runtime.
The aim of the analysis generally consists of the following three points:
- Identification of existing vulnerabilities and misconfigurations within the application system.
- Recommendation of suitable measures to eliminate vulnerabilities in order to increase software quality in the area of IT security.
- Determination of the application-level security level at the time of test execution based on the test results.
In addition to the general objectives mentioned above, it is possible, in consultation with the client, to determine the specific objectives and their prioritization individually in advance of the analysis and to adapt the investigation accordingly.
The analysis of source code is based on recommendations from the OWASP Application Security Verification Standard [1], the OWASP Code Review Guide [2] and the SEI CERT Coding Standards [3]. The specific analysis is adapted to the agreed customer objective and the technical conditions.
Security Audit and Hardening Check
Our comprehensive audits are supported by modern security tools and technologies to examine your entire infrastructure for vulnerabilities and potential attack vectors. With our hardening checks, we ensure that your systems are up to date with the latest security standards to protect your data and systems.
A security audit and hardening check includes the review of a company infrastructure or individual applications in the form of guideline-based interviews with the responsible contacts in the customer organization. The subject of the audit is the security-relevant processes of the organization as well as the architecture and configuration of the IT systems. In addition, a detailed review of the configuration (hardening check) can be carried out for selected systems.
With the help of a security audit and hardening check, the security level of an organization can be assessed very efficiently, while also taking business processes into account. In contrast to penetration tests, for example, an audit offers a holistic view of IT operations. By conducting it in the form of guideline-based interviews, an audit offers deeper insights into internal processes. In addition, there is usually no need to create access and authorizations for the security specialists, which saves time.
The main objectives of security audits and hardening checks are therefore to identify security gaps, assess risks and generally improve the security level.
- Identification of security gaps: A key goal of security audits and hardening checks is to uncover vulnerabilities in processes or IT systems that endanger the secure operation of the infrastructure. By identifying such vulnerabilities, companies can take measures to close these gaps and increase their security.
- Risk assessment: A security audit and hardening check can help assess risks related to the security of IT systems. By identifying and assessing risks, companies can make better decisions about what measures they should take to improve the security of their IT systems.
- Improving the security level: The ultimate goal of a security audit and hardening check is to improve the security level of an organization. By identifying and assessing vulnerabilities, companies can take measures to close these gaps and increase their security level.
As a result, the auditors provide recommendations for improving the organization’s security level through targeted measures.
The implementation of a security audit is divided into several phases. The aim is to ensure the best possible coverage of the audit topics in accordance with the customer’s objectives:
- Preparation
  - Preliminary discussion to define the goals
  - Organizational points (time/place of implementation, contact person)
  - Rough idea of the company’s infrastructure
- Document review
  - Provision and review of relevant documents
- Creation of audit plan
  - Determination of the timing and content of the audit topics
  - Ensuring the availability and accessibility of relevant contacts
- Conducting the audit
  - On-site or remote audit
  - Interview-based presentation of the processes and system configurations
- Documentation and reporting
  - Documentation of deviations and corrective measures
  - Preparation of the final report
- Final interview
  - Presentation of the results and recommended measures to remedy the situation
  - Coordination of the next steps
The test points when auditing a company infrastructure are based on the standards of the Federal Office for Information Security (BSI). These include in particular the BSI Basic Protection Compendium [4] and the series of standards for Internet security (ISi series) [5]. In addition, the auditors of SmartTECS Cyber Security GmbH introduce their own test points based on experience in auditing organizations.
The specifications of the Center for Information Security (CIS benchmarks) and recommendations from manufacturers are used to test hardening measures for individual systems [6].
Sources
[1] The OWASP® Foundation, OWASP Application Security Verification Standard, https://owasp.org/www-project-application-security-verification-standard/
[2] The OWASP® Foundation, OWASP Code Review Guide, https://owasp.org/www-project-code-review-guide/
[3] Carnegie Mellon University Software Engineering Institute, SEI CERT Coding Standards, https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards
[4] BSI, IT-Grundschutz-Kompendium, https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/IT-Grundschutz-Kompendium/it-grundschutz-kompendium_node.html
[5] BSI, BSI standards for Internet security, https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/ISI-Reihe/isi-reihe.html
[6] Center for Information Security (CIS), CIS Benchmarks, https://www.cisecurity.org/cis-benchmarks/