A Security Assessment can be carried out at various levels. An enterprise-wide security assessment aims to determine control weaknesses or gaps across people, processes and technology. We offer the following services as part of the Security Assessment service suite.
Our penetration testing exercise walks through a series of tasks cultivated especially for identification and simulated exploitation of vulnerabilities. We have worked on web applications, VPNs, firewalls, mail servers, and the entire network perimeter.
NII offers comprehensive WLAN Auditing and Consultancy services to help assess the security posture of your WLAN and to configure it to the maximum security level possible.
Regardless of recent improvements in network performance and capacity, it is essential for network administrators to periodically assess the reliability of network technology and its ability to meet business needs. Consequently, network performance assessments can help organizations determine whether the programs, hosts, and applications that are installed on the corporate network function properly.
Our security audit services cover all aspects of security including people, processes, and technologies. We have expertise in auditing a wide range of operating systems, firewalls, intrusion detection systems, databases, web servers, messaging servers, network components and industry specific technologies.
We offer exhaustive security audits for all kinds of applications : stand-alone, network-based and web-based. Our Application Security Audit covers
- high-level design audit
- black-box testing
- source code audit
- development and delivery audit
- operating environment audit
Previous experience in this segment includes application security assessments for CRM and ERP software of large manufacturing and financial firms, e-commerce applications for some of the largest online stores, and client-based encryption software among others.Our skills in this area are demonstrated by the bugs we find in mission critical software from vendors such as Microsoft, Oracle, Macromedia and Nortel. Read our list of advisories here.
Our Network Architecture Reviews will help you identify configuration and topology issues through analysis of the design and configuration of the network.
Our team of experts follow a step by step procedure to do a thorough security assessment of your mission critical SCADA systems to find out how vulnerable they are against external attacks done by malicious users and how much they are compliant against the security standards such as ICS-CERT, DoE (Department of Energy), DHS (Department of Homeland Security), NIST SP 800-82 Rev 1, NIST SP 800-53 Rev 4, TR99.00.02 and ENISA guidelines for ICS systems, National ICS Security Standard, Qatar etc. We use the following tools for our assessment process such as AuditPro (our in-house developed Auditing tool), Nmap, Nessus, Super scan etc.
As part of our extensive security assessment portfolio, we also specialize in mobile application security assessments, be it black-box reverse engineering engagements or source code review analysis. We have not only done numerous such assignments, but we also blog extensively on our experience and insights into mobile application security.
The Telecom sector has witnessed huge growth especially in emerging economies of Asia, Africa and South America. This has resulted in rapid expansion of the network, addition of value-added services, and resultant increase in complexity of the entire setup.
We primarily do SharePoint Security engagements covering the following key areas.
- Security Architecture Review for SharePoint
- SharePoint Compliance and Governance
- Secure SharePoint Installation and Upgrade
- Secure SharePoint Development and Deployment
- Secure SharePoint Integration
- SharePoint Permissions, Identity and Access Management
Our secure coding experts have tested and done code reviews for a large variety of programming languages such as C, C++, Java, PHP, CGI, J2EE, Perl, ASP, and .NET systems. We have expanded our capabilities across mobile app code reviews on Android, Windows, iOS, and Blackberry platforms. We can apply the same set of principles and methodologies to web as well as mobile environments.
NII can help you to simulate DDOS attacks on selected infrastructure by executing its unique DDOS testing methodology which effectively demonstrates how robust your IT infrastructure is if a DDOS attack were to happen. By planning thoroughly and making sure the testing is executed in a tightly controlled manner that does not affect your production environment, we are able to provide a fairly accurate picture of your potential susceptibility to such an attack.
NII can help you to simulate Spear Phishing attacks on selected email ID’s of your employees. We do this by executing this as a part of our Penetration 2.0 Testing which effectively demonstrates how robust your information security awareness is inside your organization.