Security Testing and Assessment
Firmus offers vulnerability assessment and penetration testing services that mimic an attacker intent on accessing your organization's customer data, financial records and other sensitive information. We target a point of entry via your network or application infrastructure's "weakest link", which may be visible to employees and partners in addition to external hackers. We then determine the business impact of gaining access to your network and its resources.
For each engagement, we work with you to define the attack profiles most appropriate for your organization. Like many of our customers, you can also benefit from regular, ongoing penetration testing services - especially after network or application updates.

Vulnerabilities Assessment
Firmus' vulnerability assessment services are used to gain a comprehensive look into the security flaws present on your network. Our time-tested methodologies incorporate various open source and proprietary tools, delivering usable and informative results that your technical and managerial staff can act on instantly. We are committed to working with you through the vulnerability management process to ensure on-budget, on-time, value-added services. Several key benefits of our vulnerability assessment services are as follows:
• Understand potential breach points
• Reduced security risk and liability
• Benchmark security posture
• Protect intellectual property

Network Security Penetration Testing
Firmus offers comprehensive network security penetration testing to secure your information assets from attackers both inside and outside your network. Our testing is based on the Open Source Security Testing Methodology Manual (OSSTMM) from The Institute for Security and Open Methodologies (ISECOM). A critical complement to vulnerability scanning, penetration testing proves the extent to which vulnerabilities can be exploited.
Anticipate external attacks
External testing services replicate the kinds of access an intruder could achieve from outside your network, identifying actual attack paths that must be eliminated and providing you with a remediation plan. We not only target servers, but also perform client-side attacks to exploit vulnerabilities found on employee workstations.
Identify security threats from the inside out
Internal testing services emulate the type of access a person with network privileges could obtain via weaknesses in internal systems. Launching attacks from any network location, we utilize low-security workstations to gain control over other workstations with increasing levels of access. We then attempt to escalate our privileges to those of a system administrator with access to sensitive or confidential data.

Web Application Penetration Testing
We perform Web Application penetration testing using The Open Web Application Security Project (OWASP) methodology and standard to exploit your application either via authorized access or by compromising access control mechanisms.
We conduct many tests, including (but not limited to):
• Authentication Testing
• Session Management Testing
• Data Validation Testing
• Web Services Testing
• Information Leakage
• Configuration Management Testing
• Business Logic Testing
• Denial of Service Testing
• AJAX Testing
Our intention is to make application security weaknesses visible so that our customers can make informed decisions about true application security risks.

Server / Device Security Configuration and Setup Review
Security configuration and setup review evaluates the security of your company's critical servers and network devices, the backbone of your technology infrastructure. Such assessments are critical because they allow Firmus to identify system misconfigurations that may not be detected through traditional network assessment.
During this activity, specific network devices and operating system platforms will be reviewed against security configuration baselines such as the CIS Consensus Benchmarks (www.cisecurity.org) to determine configuration weaknesses that could ultimately lead to security compromise.

Other Security Testing Services
Other areas of security testing that we do include:
1) Wireless Security Assessments
2) Communication Security
3) Network Architecture Review
4) Network Sniffing
5) Social Engineering
6) Source-code Review
7) Application Load Test