What We Offer
Click any link below to jump to the corresponding section.
- Cloud Computing Security Assessment
- External Assessment
- Firewall Security Assessment
- Host Security Configuration Assessment
- Internal Assessment
- CCTV / IPTV Security Assessment
- Mobile Security Assessment
- Network Architecture Assessment
- Physical Security Assessment
- Social Engineering
- VoIP Security Assessment
- VPN Security Assessment
- Wireless Network Security Assessment
- Application Threat Modeling
- Interactive Voice Response (IVR) Assessment
- Mobile Application Assessment
- Source Code Security Assessment
- Thick Client/Binary Application Assessment
- Web Application Penetration Assessment
- Red Team Assessment
- Security Intelligence Services
- Human Capital Due Diligence
- Competitive Intelligence
- Counter-Competitive Intelligence
- Custom Solutions
Cloud Computing Security Assessment
Cloud computing offers several key advantages to organizations, including reduced costs, automation, hardware independence, high availability, and increased flexibility. Use of cloud technology also alters the risk landscape, impacting confidentiality, privacy, integrity, regulatory compliance, availability, and e-discovery, as well as incident response and forensics. Therefore, it is important to ensure that proper security controls are in place.
Security 411’s Cloud Computing Security Assessment covers all the major cloud computing architectures, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).
If you are a cloud computing service provider or a private cloud host, Security 411 creates a custom engagement that assesses the implementation’s physical and application security. Security 411 then provides a letter of attestation that you can share with new and current customers, assuring them that your cloud solution is secure.
Security 411’s methodology for each engagement is based on our overall assessment approach that includes:
Architecture & Design Assessment
In the Architecture & Design Assessment phase, Security 411 consultants examine:
- Network topology
- Key assets
- Data storage and operation
- Input and output endpoints in system
- Trust boundaries
- Access controls
- System and network isolation
- Administrative controls for cloud vendor
- Administrative controls for business owner
Cloud Infrastructure Security Assessment
In the Cloud Infrastructure Security Assessment, Security 411 consultants examine the logical network, applications, and services hosted by the cloud. Key services in this assessment may include the following:
- Internal and external penetration
- Application or product penetration
- Host security configuration
- Firewall security
- VPN and remote access security
- Physical security
- Attack and penetration
- Information retrieval
- Pillage and cleanup
Governance, Policies & Procedures Review
The policies, procedures, and regulations followed by your organization may not be consistent with security best practices or compliant with regulations. Vendor policies and procedures are compared to industry best practices and to the regulatory compliance requirements that are specific to your organization. Based on the results of a comprehensive review, policies, procedures, and service level agreements can be developed to bridge identified gaps. The areas covered as part of this review include:
- Legal contract and SLA review
- E-discovery and information management
- Information and data lifecycle management
- Compliance and audit
- Business continuity and disaster recovery management
- Information integrity and confidentiality assurance
- Operation, administration, and access management procedures
- Incident response management and forensics
All Security 411 projects are managed using our proven Security Engagement Process (SEP). A critical aspect of this process is continual communication with your organization to ensure the success of the engagement. The duration of this engagement depends on the size and nature of your cloud computing efforts and project scope.
External Assessment
Security 411 Internet security consultants follow a proven successful methodology to conduct premier and unparalleled security assessments. By focusing on protecting mission critical assets from threats with effective and efficient countermeasures, the highest levels of assurance and business value are achieved for our customers.
The process begins with securing Internet-connected devices on your network. Security 411 Internet security consultants identify and extensively test potential points of attack after identifying every host, open port, and available service. Examples of these vectors include routers, firewalls, DNS servers, web servers, database servers, and even legacy hosts that have no Internet-related business purpose. Security 411 attempts to identify all vulnerabilities and focuses on the areas in which a compromise would have the greatest impact and highest risk to your business. Our consultants also understand the policies and regulations that drive the need for security, especially for e-commerce and financial services. Our analysis is not disruptive to your organization’s daily operations, and causes minimal or no impact on staff and business productivity.
- Footprint analysis and information gathering
The footprinting and information gathering phase results in a detailed map of your company’s network and its Internet security profile, the two major components to measuring the network’s overall risk. Our Internet security consultants map your network without significant prior knowledge about your company’s network. This allows us to create a thorough design and overcome any blind spots you might have. We gather domain names, IP network ranges, and information about hosts, such as operating systems and applications.
- Vulnerability scanning
The information collected during the footprint analysis and information gathering phase is used to perform vulnerability scanning and penetrate networks. Security 411 takes a comprehensive view of the network and chains multiple, low-risk vulnerabilities in order to achieve a high level of access into the target network. This vulnerability linking typically results in exfiltration of sensitive data such as password hashes, restricted databases, or attaining specific assets that your company identifies.
- Penetration testing
Security 411’s penetration testing provides the most thorough Internet defense test available. Security 411 Internet security consultants analyze Internet systems for any weak points or information that could be used by an attacker to disrupt the confidentiality, availability, or integrity of Internet-connected systems.
Security 411’s proprietary penetration testing methodology is divided into two essential phases for an exclusive holistic and detailed understanding of your company’s network that demonstrates how best to protect your most important assets. For organizations that require the most comprehensive penetration testing activity on their networks, Security 411 offers a variety of options, including social engineering, denial-of-service testing, intrusion detection system and incident response validation exercises, and more. Security 411 consultants analyze the results and develop an accompanying executive summary that details trends, architectural, and systemic issues.
Firewall Security Assessment
Perimeter and network security is the first line of defense in many organizations. Firewalls are a critical component of network security. However, misconfigurations, poorly planned or executed policies and deployment architectures can lead to a false sense of security. Security 411 network security consultants support and advise clients by performing detailed analyses on these critical components to ensure that malicious intruders do not gain access to corporate assets.
During a Security 411 Firewall Security Assessment, our security consultants review device configurations and architectures, perform vulnerability scans as needed, and conduct interviews with firewall and network administrators. Device configurations are reviewed line by line to ensure that they follow the industry’s best practices applicable to the environment. Network diagrams and interviews with network administrators are conducted so that we can fully understand your network and its vulnerabilities.
Host Security Configuration Assessment
Security 411 Host Security Configuration Assessment evaluates the security of your company’s mission critical servers, the foundation of your technology infrastructure. We analyze the operating system and application-level security issues of your company’s operating environments. Security 411 reviews administrative and technical controls, identifies potential and actual weaknesses, and recommends specific countermeasures.
Host Security Configuration Assessments are essential because they allow us to identify vulnerabilities that cannot be detected through network assessments. These assessments are the most effective mechanism to comprehensively evaluate the security of your organization’s critical assets.
Security 411 performs Host Security Configuration Assessments for Microsoft Windows and UNIX environments, including important applications such as IIS, SQL Server, and Apache. We also perform configuration assessments of routers. Security 411 has performed hundreds of Host Security Configuration Assessments for systems in production environments, including e-commerce web servers, financial databases, and Internet-facing bastion hosts. We have compiled a comprehensive set of audit points based on our experience with penetration testing as well as industry standards such as the CIS benchmarks.
Our knowledge base includes current and emerging technology, so that our Host Security Configuration Assessment checks for the latest security patches and configuration methods for the newest applications and servers. Our experienced consultants determine where the highest-risk problems occur and how to address those issues at a policy level. Finally, our techniques include the use of customized scripts that can be run by your administrators to collect data for assessment.
Security 411’s methodology is created from established public guidelines, best practices, and our consultants’ experience. Security 411 has developed custom tools to automate the collection of data. We use these scripts to help identify high-risk misconfigurations or omissions in your company’s server builds. Leveraging our experience, we test the overall risk of the host, rather than just check off a list of specific vendor-recommended points. As a result, we are able to identify the controls that most need improvement to reduce the risk faced by the host.
We thoroughly check the adequacy of security controls on the features and functions listed for various operating systems and devices, including:
- Microsoft Windows 2000 and higher
- Unix (including Solaris, HP-UX, Linux, Tru64, and AIX), and Novell
- Specific applications such as IIS, SQL Server, and Apache
- Router and switch hosts
Microsoft Windows & UNIX Hosts
We create a quantitative analysis of risk that is compared between different operating systems and applications. Each host is measured against the security practices from our methodology:
- Account management and security
  - Password storage mechanisms for adequate restrictions
  - Password generation and management controls
  - Appropriate permissions for users’ accounts
  - Unique accounts for all users
  - Identify domain or server account policies for password rules, login time restrictions, and intruder detection and lockout
  - Test password policy using password crackers, such as L0phtCrack or John the Ripper
- File management and security
  - Correct permissions for system, application, data, and user files
  - Shares do not expose unnecessary data
  - Shares are restricted to appropriate users and groups
  - File integrity is monitored (Tripwire, MD5 checksums, and others)
  - Anti-virus software is installed, up to date, and functioning
- Patch level
  - An environment and procedure exists for testing patches before deploying them to production systems
  - Security-related patches for the operating system have been applied
  - Security-related patches for applications have been applied
- Network security
  - No unnecessary protocols are enabled
  - Only business-related services are running
  - Common services have been adequately secured (FTP, HTTP, Network File System, RPC services, X Window System)
  - Host-level firewall or other network access control mechanism is enabled, where appropriate
  - Modem security follows established policy
- Logging and auditing
  - Default operating system auditing has been augmented
  - Applications are configured to generate log data, and log files are backed up
  - Logs are periodically assessed for suspicious activity
  - System times are synchronized with a central server
- General security management
  - Ensure that applications are executed on a least-privilege basis
  - Check for start-up executables and scripts that may provide a backdoor because of insecure permissions or implementation
  - Identify extent and type of trust relationships between domains
  - Identify extent and type of trust relationships between individual systems
- Detection of previous intrusion
  - Look for the presence of common Trojans and backdoors
  - Check for suspicious file permissions
  - Check for suspicious user accounts, such as an account that is unaudited, or has a blank password or excessive rights
- External controls (where applicable)
  - Physical security
  - Backup strategy
  - UPS
  - Fire suppression
  - Environment (air conditioning, humidity)
Host Application Assessment — Web & Database Servers
Security 411 also assesses the installation and configuration of major applications such as Microsoft IIS and SQL Server. These applications often pose a high risk to the network because of their history of vulnerabilities and their Internet connectivity. In addition to the points above, these assessments include a review of:
- Secure configuration
- Separation of privileges
- Recommended practices
- Logging and auditing
Router and Switch Host Assessment
These assessments begin with the technique described above to evaluate the configuration of the host. Additional tests are performed to assess the particular function of the router and switch. The methodology targets high-level concepts by tracking the following specific, detailed points:
- Access control lists that restrict packet flow
- Configurations to prevent or minimize spoofing attacks
- Filtering rules that restrict traffic destined for the router or firewall
- Check authentication methods for remote and local access, and determine the adequacy of these controls
- Determine whether per-port security is enabled to eliminate unauthorized spanning, where applicable (Cisco switches)
- Examine authentication mechanisms for routing table updates
- Examine routes, especially static ones, for security concerns
- Examine the adequacy and security of logging configurations
- Ensure installation of recent software updates
- Examine hosts for unnecessary services; check services configuration for appropriate security controls
Security 411’s methodology not only points out specific areas that should be addressed to reduce a host’s risk exposure, it also provides recommendations for developing a baseline for deploying servers. These recommendations protect the system from known vulnerabilities and zero-day exploits, which reduces the potential attack vectors.
Internal Assessment
Security 411 consultants follow a tried, tested, and proven methodology to conduct superior infrastructure security assessments. By protecting the right assets from the right threats with the right measures, we achieve the highest levels of assurance and business value for our clients.
Protecting critical assets from the most severe threats begins with securing all devices connected to your network. Security 411 security consultants identify and thoroughly test potential points of attack after enumerating every live host, open port, and available service. We then attempt to identify all vulnerabilities and focus on areas where a compromise would have the greatest impact and highest risk to your business. We also understand the policies and regulations that drive the need for security, especially for e-commerce and financial services. Our analysis is not disruptive to your organization, and causes minimal or no impact on staff and business productivity.
- Information gathering
The footprinting and information gathering phase results in a detailed map of your company’s network and its Internet security profile, the two major components to measuring the network’s overall risk. Our Internet security consultants map your network without significant prior knowledge about your company’s network. This allows us to create a thorough design and overcome any blind spots you might have. We gather domain names, IP network ranges, and information about hosts, such as operating systems and applications.
- Vulnerability scanning
The information collected during the footprint analysis and information gathering phase is used to perform vulnerability scanning and penetrate networks. Security 411 takes a comprehensive view of the network and chains multiple, low-risk vulnerabilities in order to achieve a high level of access into the target network. This vulnerability linking typically results in exfiltration of sensitive data such as password hashes, restricted databases, or attaining specific assets that your company identifies.
- Penetration testing
Security 411’s penetration testing provides the most thorough Internet defense test available. Security 411 Internet security consultants analyze Internet systems for any weak points or information that could be used by an attacker to disrupt the confidentiality, availability, or integrity of Internet-connected systems.
CCTV / IPTV Security Assessment
IPTV is an emerging technology that enables IP-based digital TV, video-on-demand, and other services. It is made possible by the advent of broadband and voice services using very high bitrate DSL (VDSL). IPTV services are expected to be deployed to millions of households in the next few years. But as IPTV technology grows, the threat increases as well. Threats include spamming, spoofing, content theft, and other attacks. Security 411’s IPTV Security Assessment protects against these threats and ensures that IPTV technology is secured and follows the industry’s best practices.
Security 411 assesses IPTV in these five major phases:
- Architecture and design assessment
Evaluate the infrastructure and security practices in the architecture and design.
- External penetration testing
Evaluate the security of Internet-facing hosts.
- Host configuration assessments
Assess the configurations of routers, switches, and servers against industry best practices.
- IPTV services security assessment
Evaluate the security of the IPTV service from a customer’s perspective and determine if it could allow service fraud, denial of service, or other attacks.
- Policy and procedure gap analysis
Evaluate the gaps between current policies and procedures and the best practices defined in the ISO 27001 / 27002 security standards.
Mobile Security Assessment
Malicious actors are constantly finding new ways to compromise your company’s network. One of the emerging trends used by hackers is attacking insecurely configured mobile devices like notebook computers, smartphones, and BlackBerries. These mobile devices all have access to your corporate network via email, VPNs, and other remote access methods.
Security 411 continues its innovative efforts in the field of security by protecting your company from the latest mobile security threats. We will assess, analyze, and attempt to penetrate your mobile network. This multifaceted approach to identifying security vulnerabilities ensures that the greatest number of security vulnerabilities are recognized and remediated.
Security 411 will follow the four major phases listed below during your assessment:
- Architecture and design assessment
Evaluate the infrastructure and security practices in the architecture and design.
- Mobile client and server penetration testing
Evaluate the security of the mobile devices and the backend servers that control them.
- Mobile security assessment
Evaluate the security of the mobile device from an end user’s perspective and determine if the mobile device could allow compromise of confidential data, a denial of service, or other attacks.
- Policy and procedure gap analysis
Evaluate the gaps between current policies and procedures and the best practices defined in the ISO 27001 / 27002 security standards.
Network Architecture Assessment
Security is one of the most important aspects of a new network design. A secure network design allows for greater network segmentation, more detailed access controls, better logging and monitoring, and the removal of single points of failure. A network’s infrastructure and architecture security is the foundation for your entire company’s security; therefore, each network device must be well secured and properly configured. Implementing a secure-by-design architecture can mitigate many vulnerabilities.
Security 411 security consultants perform detailed analysis on the network architecture and identify all vulnerabilities by using a comprehensive three-phase approach to ensure that malicious actors do not gain access to critical assets.
The overall network architecture review includes evaluating the current security technology and processes in your organization, determining the critical information assets in your infrastructure, and analyzing the security roles in regards to the infrastructure. Our process consists of interviews and documentation review. Security 411 can also leverage the knowledge of your infrastructure gained during other assessments.
During this assessment, Security 411 security consultants analyze the security architecture of your company’s infrastructure. Security 411 evaluates the current design of various security control procedures and processes that are in place to determine their effectiveness and alignment with your company’s security goals. Our methodology takes a comprehensive look at the strengths and weaknesses in your technical security architecture. Security 411 will examine the following components:
- Key design assumptions
- Technology inventory
- Security administration procedures
- Network topology
- Network access controls
- Host access controls
- Authentication and access requirements
- Administrative and maintenance channels
- Business resumption and contingency preparedness
- Technical and application architecture for providing customer services through web and associated channels
- Reliance on third-party systems and products
- Functional data flow (including security control points)
The components listed above are assessed in three primary phases:
- Documentation review — Evaluate the current requirements, architecture, and design for any design issues or exposures. This phase also includes a review of policies and processes related to network design.
- Vulnerability scanning and penetration testing — Evaluate the security of each host by performing a network device vulnerability scan and penetration test.
- Administrator interviews — Conduct an interview with the network administrator that focuses on industry best practices in infrastructure design, and validate the findings from the documentation review, vulnerability scans, and penetration tests.
The last step in the process assesses how management addresses security monitoring, escalation, and follow-up procedures that provide your organization with preventative and adaptive security capabilities.
This program includes:
- Incident response requirements and solutions
- A clearly-defined, rules-based escalation procedure for effective security incident response
Physical Security Assessment
In today’s environment, evaluating the physical security of facilities and structures is a critical aspect of an organization’s information security and business continuity planning. Security 411 addresses this risk with a team of skilled experts who are able to blend their complementary experience and expertise to focus on the mission critical components of physical security that impact an organization’s computing environment.
Security 411’s physical security reviews are performed and analyzed in the context of your organization’s overall risk management strategy. We consider the criticality of assets within the environment and the perceived threats, which directly determine the level of exposure classified as acceptable. By analyzing a variety of factors, including assets, threats, and exposure, Security 411’s physical security review provides more than a list of actionable security recommendations. We prioritize risks and make recommendations that align physical security with your company’s overall risk management strategy. This holistic approach enables you to protect your assets with the appropriate level of security.
During an onsite assessment, our consultants perform physical inspections of structures and operations. Security 411 begins each physical security review by gaining an understanding of the assets being protected and the perceived threat environment. Through interviews and a review of policies and procedures related to physical security operations, Security 411 gains a deeper understanding of the level of protection desired and needed in a specific location. Using this knowledge, Security 411 conducts the review of the facility. Key areas assessed include:
- Facility security
  - Entry points
  - Data center
  - User and sensitive environments
  - Access control and monitoring devices
  - Guard personnel
  - Wiring closets
- Internal company personnel
  - Control and accountability
  - Use of equipment
  - Security procedure compliance
  - Awareness
  - Use of break areas and entry points
- External visitor and contractor personnel
  - Control and accountability
  - Use of equipment
  - Security procedure compliance
  - Use of break areas and entry points
- Computer systems and equipment
  - Workstations
  - Servers
  - Backup media
  - PDAs
  - Modems and physical access points (visual ID only)
- Sensitive information and data
  - Control
  - Storage
  - Destruction
Security 411 does not conduct sweeps of the electronic spectrum to identify and isolate covert listening or transmission devices. We have relationships with several highly-reputable firms that can provide this specialized service, if requested.
We offer services beyond our overt assessment process including the use of covert red-team assessment techniques. These efforts include tactics such as social engineering, pretext entry, security systems bypass, device or Trojan planting, long-range surveillance, and other methods.
Social Engineering
The term “social engineering” has been used for years by hackers to describe the technique of using persuasion or deception to gain access to information systems. Such access is typically implemented through human conversation or other interaction. The medium of choice is usually the telephone, but it can also be communicated via an email message, a television commercial, or countless other mediums for provoking human reaction. Consider a floppy drive or CD labeled “Payroll” and left in a hallway or restroom within an organization. On the media is malicious code. Would anyone in the organization insert this media into their computer and access the contents?
Security 411 tests the type of social engineering that best fits your organization and its culture. Our methodology is similar to our approach to security assessments. We begin with target identification and information gathering, followed by exploitation attempts. We systematically apply these principles in a customized methodology based on the objectives of the particular situation.
We work closely with our client to define test scenarios that are tailored to specific policies and processes within their organization. Security 411 can evaluate the procedures that are in place by making obvious attempts at gaining confidential information without proper authorization. This is a superior method to test the effectiveness of a security awareness training program, or to lay the foundation for creating such a program.
Three common attack vectors identified include:
- Phone calls to individuals within the organization. This will normally include the help desk and specific individuals that are identified as critical company personnel.
- Carefully crafted phishing emails, targeting specific groups or individuals that attempt to coax information from the recipient.
- A floppy drive or CD with malicious code and an enticing label, such as “Payroll” or “Quarter-end Preliminary Results,” that is left in a hallway or restroom in specifically targeted locations.
Regardless of what type of social engineering testing is performed, upon completion we will provide a detailed report about the policies tested and the results of each attempted breach.
VoIP Security Assessment
The combination of voice, data, and video provides organizations with cost savings. As this technology increases in popularity, VoIP is being integrated into many networks and must be secured as required by government regulations like GLBA and HIPAA.
Security 411 will assess and attempt to penetrate your VoIP network. This multifaceted approach ensures that the greatest number of vulnerabilities are discovered.
Security 411 will follow five major phases during your assessment:
- Architecture and Design Assessment
Evaluates the infrastructure and security practices in the architecture and design.
- External Penetration Testing
Evaluates the security of Internet-facing hosts.
- Host Configuration Assessments
Assesses the configurations of routers, switches, and servers against industry best practices.
- VoIP Services Security Assessment
Evaluates the security of the VoIP service from a customer’s perspective and determines if the VoIP service could allow service fraud, denial of service, or other attacks.
- Policy and Procedure Gap Analysis
Evaluates the gaps between current policies and procedures and the best practices defined in the ISO 27001 / 27002 security standards.
VPN Security Assessment
If remote users connect to your network via VPN, you run the risk of malicious actors using it as an entry point to your internal network. Security 411 helps avoid malicious infiltration and ensures complete end-to-end security with the Virtual Private Network (VPN) Security Assessment.
We review the policy and procedures used to maintain and operate the VPN, and assess the current configuration of the VPN and associated systems. During the review, Security 411’s security consultants work with system and network administrators to obtain the necessary information and data to evaluate existing policy and procedure documentation, assess actual procedures in use for VPN operations and administration, review the technical design of the VPN deployment, and identify issues in any of these areas.
Security 411 also performs a technical evaluation of the VPN configuration, which may include external and internal network scans, authentication and authorization testing, and system vulnerability testing. Deliverables include an executive summary overview, and detailed technical and testing results. Security 411 VPN Security Assessment methodology consists of the following:
- External and internal VPN vulnerability scan
- VPN policy and procedure review
- VPN architecture review
- Interview with the VPN administrator
Wireless Network Assessment
Malicious intruders are continually testing network access points for misconfigurations, vulnerabilities, and weak security controls, in order to compromise network defenses. The growth in unauthorized access to networks through wireless technologies has increased risk to organizations. Security 411 has extensive experience identifying access points and rogue devices, analyzing their security configurations, testing for vulnerabilities, and implementing security policies that minimize risk.
Security 411’s Wireless Network Security Assessment meets the security challenges of mission critical wireless technologies. These technologies pose unique threats because their signals broadcast outside physical boundaries and are difficult to manage. Misconfigurations and weak security protocols allow unauthorized access and increase the risk to assets.
Security 411 developed innovative techniques for evaluating wireless networks. Understanding how enterprise vulnerabilities are exploited and how to measure subsequent risks allows our experts to create the right solutions to secure your critical assets. Working with your staff, Security 411 security consultants analyze and archive all wireless network access points, identify and exploit weaknesses in the wireless network, and assess the overall exposure of the company to wireless network attacks. The assessment proposes the best techniques and procedures to secure the environment based on business requirements and best practices for wireless security.
Research has shown that identifying and remediating security problems early in the development cycle is more efficient and cost-effective than the traditional penetrate-and-patch model. Security 411’s software and application security services allow our consultants to identify potentially dangerous software security problems, often before the software is even built.
Software engineering studies show that approximately 80% of security bugs and flaws are introduced during the early stages of software development, often before a single line of code is written. Using threat modeling, we can typically identify over 75% of the architectural flaws, enabling development teams to avoid implementing insecure designs.
Security 411 consultants are expert analysts and have helped a number of major software, financial services, and other companies develop software security methodologies. We have significant experience reviewing a wide variety of software, including portals, e-commerce sites, financial services and health care applications, and desktop and developer software.
Security 411’s capability in secure application development originates with our software and application security service (SASS) consultants, who have performed threat models and source code audits on numerous client applications, as well as on Security 411’s own software. Our SASS consultants have worked as development practitioners on commercial enterprise software systems and understand the software development process, as well as why and how security bugs and flaws are introduced.
Application Threat Modeling
According to software engineering studies, about 80% of security bugs and flaws are introduced during the early stages of software development, often before even a single line of code is written. Using application threat modeling, we can typically identify over 75% of the issues, enabling development teams to prevent implementing insecure software.
Conceptually, threat modeling is a systematic process that consists of several individual steps with clearly defined ingress and egress criteria, deliverables, and objectives. By following key steps, we ensure that our threat modeling is focused and provides actionable and advantageous information.
As with all good processes, the first step is to propose and optimize the process for a successful outcome. This includes:
- Identifying the threat modeling team
- Defining the risk ranking model to be used (if any)
- Agreeing on terminology for the modeling activity
The second step is to model the business view, or the business environment, in which the system operates. This needs to be analyzed to ensure that the systems’ functionality and business purpose is understood. Laws, guidelines, policies, and other relevant regulations must be considered.
In the final step, the system is analyzed from a technical standpoint. A comprehensive understanding of the system is critical for the success of the whole process. As part of this step, Security 411 consultants perform a thorough architecture and design review for security that concentrates on identifying the attack surface and potential attack vectors.
Based on the information collected during this process, we can model threats and current countermeasures. From there, we develop a model of your risk level. We designed our methodology to be general enough for different risk models.
We produce both graphical and textual models that are used to drive practical security decisions. Our deliverables typically include Microsoft Office Visio-based models of the application architecture, as well as the sorted and tabulated data and results. Our models can include testing plans on demand.
Interactive Voice Response (IVR) Assessment
Interactive voice response (IVR) systems allow people to interact with computers via an automated mechanism, through voice or touch-tone phones. Often, these systems process confidential data such as credit card numbers, social security numbers, user PINs, and other personally identifiable information (PII). Security 411’s IVR assessment helps organizations secure their IVR systems and identify vulnerabilities before attackers can exploit them.
IVR systems are typically used for telephone banking, credit card services, hospitals, and call centers. Now, IVR technology is also being introduced into automobile systems for hands-free operation. Current deployment in automobiles revolves around satellite navigation, audio, and mobile phone systems.
There is a common misconception that these systems are secure and do not pose a real threat to an organization. Most of the time, IVR systems are conveniently left out of regular security testing and internal audits; however, hackers are shifting away from traditional hacking methods and focusing on weak links such as IVR systems.
Security 411’s IVR testing methodology uses a combination of commercial tools, internally developed utilities, and methodical manual techniques to evaluate the potential points of failure in an IVR system and in the communication between the user and the system. Automated testing is performed using internally developed scripts that leverage the Skype API and other tools for DTMF fuzzing. Voice recognition software is used to speed up testing of English-language IVR systems. In addition, consultants review the VXML/CCXML files and the architecture diagram to identify implementation and development flaws.
At the beginning of a test, Security 411 requests the following information:
- A toll-free phone number to access the IVR system
- Test data such as valid account numbers, pins, and other information, as necessary
- Voice-flow diagrams
- XML files such as VXML/CCXML, etc.
- Architecture diagram
Based on years of experience testing IVR systems, Security 411 broadly classifies the common vulnerabilities into the following categories:
- Sensitive information disclosure, such as internal IP addresses, source code, and stack traces
- Username, PIN harvesting, and credit card and account number enumeration vulnerabilities
- Application logic bypass vulnerabilities
- Input validation vulnerabilities such as SQL injection, XPath injection, and buffer overflows
- Brute-force attacks
- Vishing attacks
- Denial-of-service attacks such as account lockouts and XML parsing errors
Mobile Application Assessment
Mobile application development has boomed with the emergence of Android, iOS, and Windows mobile operating systems. With more than 1.5 billion smartphone users, there is a growing demand for smartphone applications, including apps for banking, trading, and other services that deal with personally identifiable information (PII), credit card numbers, and other sensitive data.
Many companies are rushing to capitalize on the mobile market by developing new applications or upgrading old applications to work with smartphones. Security 411’s Mobile Application Assessment helps businesses secure mobile applications. Security 411 has been a leader in assessing the security of mobile applications and is a recognized expert in the field.
Security 411 developed a comprehensive, systematic approach to mobile application assessment to ensure evaluations are effective, efficient, and repeatable. Our detailed testing environment consists of simulators/emulators and actual physical devices. Security 411 specializes in analyzing applications developed for iOS, Android, Kindle Fire, Windows Mobile, and BlackBerry platforms.
This proprietary methodology keeps the process consistent across our consultants while leaving them room to be creative and leverage their hacking skills. Our custom mobile application testing process consists of over 100 mobile-specific checks, and Security 411 conducts ongoing research to keep that checklist current with the rapidly evolving threat landscape. Our detailed methodology spans different security categories, including:
- Discovery
- Configuration management
- Authentication
- Authorization
- User and session management
- Data validation
- Error handling and exception management
- Data protection
- Debugging and reverse engineering
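Several of the categories above (configuration management, data protection, debugging and reverse engineering) start with the application manifest, because it declares whether the app is debuggable, whether its data can be pulled off the device with a backup, and which components any other app on the phone may invoke. The checker below is an added example, not Security 411 tooling: it applies four such checks to a constructed Android manifest for a fictional banking app. The exported-component rule assumes the pre-API-31 default (a component with an intent filter is exported unless `android:exported="false"` is set explicitly); the launcher activity is skipped because it must be exported.

```python
"""Added example: a checker for a handful of the configuration-management and
debugging items a mobile assessment covers, applied to an Android manifest.
Illustrative code (not Security 411 tooling); the manifest is constructed and
the exported-default rule below assumes pre-API-31 behaviour."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENTS = ("activity", "service", "receiver", "provider")


def a(attr: str) -> str:
    """Qualified key for an android: attribute as ElementTree stores it."""
    return f"{{{ANDROID_NS}}}{attr}"


def audit_manifest(manifest_xml: str):
    """Return [(check, detail), ...] for the weak settings found."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return [("malformed", "no <application> element")]
    findings = []

    if app.get(a("debuggable")) == "true":
        findings.append(("debuggable", "a debugger can attach on a stock device"))
    # Android defaults allowBackup to true, so a missing attribute is also a finding.
    if app.get(a("allowBackup"), "true") == "true":
        findings.append(("allowBackup", "app data extractable with adb backup"))
    if app.get(a("usesCleartextTraffic")) == "true":
        findings.append(("cleartext-traffic", "plain HTTP explicitly permitted"))

    for comp in app:
        if comp.tag not in COMPONENTS:
            continue
        name = comp.get(a("name"), "?")
        exported = comp.get(a("exported"))
        has_filter = comp.find("intent-filter") is not None
        is_launcher = any(act.get(a("name")) == "android.intent.action.MAIN"
                          for act in comp.iter("action"))
        # Pre-API-31 rule: a component with an intent-filter is exported
        # unless android:exported="false" is set explicitly.
        effectively_exported = exported == "true" or (exported is None and has_filter)
        if effectively_exported and not is_launcher and comp.get(a("permission")) is None:
            findings.append((f"exported-{comp.tag}",
                             f"{name} reachable by any app, no permission required"))
    return findings


# Constructed manifest for a fictional banking app (not a real client's).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application android:label="Bank" android:debuggable="true" android:allowBackup="true">
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".TransferActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".OtpReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".AccountProvider"
        android:authorities="com.example.bank.accounts"
        android:exported="true"
        android:permission="com.example.bank.READ_ACCOUNTS"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for check, detail in audit_manifest(SAMPLE_MANIFEST):
        print(f"{check:18} {detail}")
```

On the sample, the debuggable flag, the backup setting, the explicitly exported transfer activity and the implicitly exported SMS receiver are reported; the sync service (`exported="false"`) and the provider (guarded by a permission) are not. A real engagement runs this against the manifest decoded from the APK and then confirms each exported component by invoking it from a second test app.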
Source Code Security Assessment
We use commercial analysis tools to automate parts of the process, but Security 411 experts manually validate every reported vulnerability and read the code themselves to overcome the limitations of automated tools and find what those tools miss. Our application security consultants find policy and best-practice violations, such as insecure cryptographic algorithms and common language constructs that lead to vulnerabilities.
We have expertise in C, C++, C#, VB.NET, Java, CFML, Perl, Classic ASP, and PHP, working within development frameworks such as J2EE and .NET and developing on Win32 and UNIX platforms.
Security 411’s capability in source code analysis extends from our Software and Application Security Service (SASS) consultants, who have performed source code audits on numerous client applications, as well as on Security 411’s own software. Our SASS consultants have worked as development practitioners on commercial enterprise software systems and understand the software development process, as well as why and how security bugs are introduced. Our experience, combined with custom automated tools, enables us to evaluate more lines of code faster, more accurately, and more effectively than other security consulting services.
When examining any sizeable application, we start by building a threat model in consultation with the development team. The threat model gives us a deeper understanding of the application’s functionality, technical design, and existing security threats and countermeasures, and it lets us narrow the code that must be examined by hand to a much smaller scope, typically 40% to 60% of the original code base.
With the threat model and a comprehensive understanding of the application’s design, we use automated tools from Secure Software to evaluate the code for semantic and language security bugs. We look for two types of issues: design flaws and implementation bugs. Design flaws are faulty design decisions that have been implemented, such as choosing an insecure source of randomness for cryptographic key generation. Implementation bugs are typically syntactic or semantic language constructs that lead to security vulnerabilities.
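The insecure-randomness design flaw named above is a good illustration of what a custom automated check looks like and why a human still has to validate it: the same `random` call is a flaw inside a key-generation routine and harmless inside a card-shuffling one. The scanner below is an added example written for this page, not a Security 411 tool or the Secure Software product mentioned above. It walks the Python AST, resolves calls through `import` aliases, and reports `random`-module calls only inside functions whose names suggest key or token material (an assumption encoded in `KEY_HINTS`), plus any use of MD5 or SHA-1; the sample source it scans is constructed.

```python
"""Added example: a small AST-based check for the two flaw classes named
above (insecure randomness feeding key or token generation, and weak hash
algorithms). Illustrative code, not a Security 411 tool."""
import ast

# Assumption: any random-module call inside a function whose name suggests
# key/token/secret material is a design flaw; elsewhere it is usually fine.
INSECURE_RANDOM = {"random", "randint", "randrange", "getrandbits",
                   "choice", "choices", "sample", "shuffle", "uniform"}
WEAK_HASHES = {"md5", "sha1"}
KEY_HINTS = ("key", "token", "secret", "nonce", "salt", "session", "password")


class CryptoMisuseFinder(ast.NodeVisitor):
    def __init__(self):
        self.findings = []   # (lineno, rule, detail)
        self._funcs = []     # enclosing function names
        self._modules = {}   # local alias -> module       (import random as r)
        self._names = {}     # local name  -> (module, attr) (from random import choice)

    def visit_Import(self, node):
        for alias in node.names:
            self._modules[alias.asname or alias.name] = alias.name

    def visit_ImportFrom(self, node):
        for alias in node.names:
            self._names[alias.asname or alias.name] = (node.module, alias.name)

    def visit_FunctionDef(self, node):
        self._funcs.append(node.name)
        self.generic_visit(node)
        self._funcs.pop()

    visit_AsyncFunctionDef = visit_FunctionDef

    def _key_context(self) -> bool:
        name = self._funcs[-1].lower() if self._funcs else ""
        return any(hint in name for hint in KEY_HINTS)

    def visit_Call(self, node):
        f = node.func
        # Resolve the callee to (module, attr) for random.choice(...) and for
        # bare names brought in with "from random import getrandbits".
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            module, attr = self._modules.get(f.value.id, f.value.id), f.attr
        elif isinstance(f, ast.Name) and f.id in self._names:
            module, attr = self._names[f.id]
        else:
            module = attr = None
        if module == "random" and attr in INSECURE_RANDOM and self._key_context():
            self.findings.append((node.lineno, "insecure-randomness",
                f"random.{attr} in {self._funcs[-1]}(); use the secrets module"))
        elif module == "hashlib" and attr in WEAK_HASHES:
            self.findings.append((node.lineno, "weak-hash",
                f"hashlib.{attr}; use SHA-256 or stronger"))
        self.generic_visit(node)


def scan_source(source: str):
    """Return findings sorted by line: [(lineno, rule, detail), ...]."""
    finder = CryptoMisuseFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


# Constructed sample under review (not real client code).
SAMPLE = '''
import random, hashlib
from random import getrandbits

def make_session_token(n=16):
    return "".join(random.choice("0123456789abcdef") for _ in range(n))

def generate_key():
    return getrandbits(128).to_bytes(16, "big")

def shuffle_deck(deck):
    random.shuffle(deck)

def fingerprint(data):
    return hashlib.md5(data).hexdigest()

def safe_token():
    import secrets
    return secrets.token_hex(16)
'''

if __name__ == "__main__":
    for lineno, rule, detail in scan_source(SAMPLE):
        print(f"line {lineno}: {rule}: {detail}")
```

On the sample, the two key/token routines and the MD5 fingerprint are reported; `shuffle_deck` is not, and `safe_token` passes because it draws from the `secrets` module. Name-based context is a heuristic, which is exactly why the page insists on manual validation of every tool result: a reviewer still has to confirm that `fingerprint` is used for integrity rather than, say, a cache key.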
Thick Client/Binary Application Assessment
Why let hackers discover your applications’ vulnerabilities? Let Security 411 find your security weaknesses and fix them first. Security 411 can save your company’s reputation and prevent revenue losses.
The National Institute of Standards and Technology estimates that up to 92% of today’s vulnerabilities are at the application layer. Almost every major application in use today has had at least one critical vulnerability published, resulting in lost sales as well as loss of reputation and customer trust. Security 411’s Thick Client/Binary Application Assessment looks at an application from the perspective of a malicious hacker and finds the vulnerabilities before they can be disclosed publicly and exploited.
The testing begins with static analysis of the binary executables and libraries that make up the application. Server-level scans search for known vulnerabilities and common misconfigurations. Our penetration assessment consultants then perform a reconnaissance evaluation to gather information about the application and search for information disclosure vulnerabilities that reveal secrets such as passwords, cryptographic keys, or personally identifiable information. With this data, Security 411 consultants conduct testing, which consists of:
- Configuration management testing, including unearthing the presence of sensitive information in configuration files. It also seeks environment information that can be tampered with to alter application behavior, as well as secrets and textual strings in the application binaries or in memory.
- Examination of data protection in storage and transit, when sensitive information is communicated across the network, or stored on a disk or database.
- Authentication and authorization testing to determine opportunities for bypass and privilege escalation.
- Session and state management checks for session hijacking and other such attacks.
- Data validation testing detecting problems such as SQL injection and buffer overflows.
- Error handling and exception management testing that attempts to crash the application into an insecure state or cause information disclosure through crash dump files.
- Auditing and logging checks that attempt to subvert audit trails, create fake log entries, discover sensitive information from the log files, or use the logging mechanism as an attack vector.
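The configuration-management item above, finding secrets and telling strings in the application binaries or in memory, is the step that most often yields passwords and keys on a thick-client engagement. The sweep below is an added example, not a Security 411 utility: it does what `strings(1)` does (extract printable ASCII runs from a blob), matches them against signature patterns for private keys, credential assignments and credentials embedded in connection URLs, and flags any remaining long, high-entropy run as a candidate key or token. The blob it scans is constructed to stand in for a stripped binary, and the entropy and length thresholds are starting points a tester tunes per target.

```python
"""Added example: the kind of "strings-plus-heuristics" sweep used to find
secrets in application binaries, config files or memory dumps. Illustrative
code, not a Security 411 tool; the sample blob below is constructed."""
import math
import re

MIN_STRING_LEN = 8
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN)

# Signature patterns for the common ways credentials end up in binaries.
PATTERNS = {
    "private-key": re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "credential-assignment": re.compile(
        rb"(?i)(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[=:]\s*\S+"),
    "url-credential": re.compile(rb"(?i)[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@"),
}


def shannon_entropy(s: bytes) -> float:
    """Bits per byte; random-looking keys score high, English text low."""
    n = len(s)
    counts = {}
    for b in s:
        counts[b] = counts.get(b, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def extract_strings(blob: bytes):
    """Equivalent of the strings(1) sweep: printable ASCII runs."""
    return [m.group(0) for m in PRINTABLE_RUN.finditer(blob)]


def find_secrets(blob: bytes, entropy_threshold: float = 4.5,
                 min_entropy_len: int = 24):
    """Return [(label, string), ...] in the order found.

    Assumption: the thresholds (4.5 bits/byte, 24 chars) are starting points
    a tester tunes per binary to balance noise against misses."""
    findings = []
    for s in extract_strings(blob):
        text = s.decode("ascii")
        matched = False
        for label, pattern in PATTERNS.items():
            if pattern.search(s):
                findings.append((label, text))
                matched = True
        # Unlabelled but random-looking runs are candidate keys or tokens.
        if (not matched and len(s) >= min_entropy_len
                and shannon_entropy(s) >= entropy_threshold):
            findings.append(("high-entropy", text))
    return findings


# Constructed stand-in for a thick-client binary: header bytes, benign
# strings, and several planted secrets, NUL-separated like real rodata.
SAMPLE_BLOB = b"".join([
    b"\x7fELF\x02\x01\x01\x00\x00\x00",
    b"Copyright (c) 2014 ACME Corporation\x00",
    b"db_password=hunter2\x00",
    b"mongodb://svc:S3cret@db01:27017/prod\x00",
    b"-----BEGIN RSA PRIVATE KEY-----\x00",
    b"x9Kq2mL7vP0sR4tW8zYbN1cD3fG6hJ5kM\x00",
    b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00",
    b"OK\x00",
])

if __name__ == "__main__":
    for label, text in find_secrets(SAMPLE_BLOB):
        print(f"{label:22} {text}")
```

The same function applies unchanged to a process memory dump, where the hits are typically decrypted configuration values that the binary on disk protects. The entropy rule is what catches keys that no signature knows about; the copyright string and the run of `A`s show the two ways a long string fails it.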
The main goal is to penetrate the application’s servers, remote agents, and clients. Additionally, Security 411 searches for application vulnerabilities that would allow a malicious actor to gain access to the operating system or the backend database servers.
Web Application Penetration Assessment
The National Institute of Standards and Technology estimates that up to 92% of today’s vulnerabilities are at the application layer. Our experience shows that 9 out of 10 customers have at least one serious hole that could lead to disclosure of customer data or a total system compromise. Security 411 Web Application Penetration Assessment looks at a website from the perspective of a malicious actor and finds the vulnerabilities before they can be exploited.
The Open Web Application Security Project (OWASP) is the primary reference point on the subject. Security 411 currently leads several key OWASP projects, including the creation of a standard set of testing criteria.
Web Services Security Assessment
Web services have transformed application development and how IT organizations operate, much the same way that client-server and web-based applications did in the past. They present businesses a new, standardized way of integrating various applications and systems between suppliers, partners, and customers. With Web 2.0, web services have become commonplace as technologies such as AJAX and JSON gain popularity.
Security is a major concern affecting web services just like any other application types. The existing traditional network security infrastructure is unable to satisfy the security needs that XML and web services require. Security 411 offers an extensive Web Services Security Assessment to identify threats, vulnerabilities, and risks associated with your organization’s web services infrastructure.
Every customer and web service has unique security demands based on its business requirements and operational environment. The process begins by methodically identifying and documenting security needs. Next, threat modeling is performed to help identify and prioritize potential threats. We then evaluate the security aspects of design and implementation, including confidentiality, integrity, trust relationships, and authentication, against security standards such as XML Signature, XML Encryption, SAML, and WS-Security.
This process looks for XML content-based attacks, next generation web services attacks, and application infrastructure threats like SQL injection and denial of service (DoS). Web services security offerings include:
- Threat modeling
- Black box assessments
- Grey box assessments
- White box assessments
- Perimeter product reviews (XML firewalls)
- Architecture reviews
- Web services threats:
  - XML content attacks
    - Coercive parsing
    - External entity
    - Parameter tampering
    - XPath and XQuery injection
    - Recursive payload
    - Oversized payload
  - Web services attacks
    - WSDL scanning
    - Schema poisoning
  - Infrastructure attacks
    - Information enumeration
    - Authentication and authorization
    - Input validation (SQL/XSS)
    - Error handling
    - Web server/network layer
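Four of the XML content attacks listed above (external entity, recursive payload, oversized payload, coercive parsing) share one property that a perimeter product or the service itself can exploit defensively: each needs something a legitimate SOAP message never carries, namely a DTD, an external entity reference, a body larger than any real request, or nesting deeper than the schema allows. The gate below is an added example using only the Python standard library, not a Security 411 product or an XML firewall: it rejects a payload on the first such sign, before any entity is expanded, and reports which attack class tripped it. The sample payloads are constructed, and the size and depth limits are assumptions to be tuned to the service’s real messages.

```python
"""Added example: a pre-parse gate for XML/SOAP payloads that rejects the
entity-based and resource-exhaustion attacks before a real parser sees the
document. Stdlib only; not Security 411 tooling."""
import xml.parsers.expat as expat

MAX_BYTES = 1_000_000   # assumption: larger than any legitimate message
MAX_DEPTH = 32          # assumption: deeper nesting than this is never legitimate


class UnsafeXML(ValueError):
    """Raised with a short label naming the rejected attack class."""


def check_xml(data: bytes, max_bytes: int = MAX_BYTES, max_depth: int = MAX_DEPTH) -> None:
    """Raise UnsafeXML if the payload shows any sign of the attacks above."""
    if len(data) > max_bytes:
        raise UnsafeXML("oversized payload")

    parser = expat.ParserCreate()
    # Never resolve external parameter entities (part of the XXE surface).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    depth = 0

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Both XXE and entity expansion ("recursive payload") need a DTD, and
        # this handler fires before any entity inside it is parsed.
        raise UnsafeXML("doctype/entity declaration")

    def on_entity_decl(*_):
        raise UnsafeXML("doctype/entity declaration")

    def on_external_entity(context, base, sysid, pubid):
        raise UnsafeXML("external entity reference")

    def on_start(name, attrs):
        nonlocal depth
        depth += 1
        if depth > max_depth:
            raise UnsafeXML(f"coercive parsing: nesting deeper than {max_depth}")

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed: {exc}") from exc


def classify(data: bytes) -> str:
    """'ok' for a payload the gate accepts, otherwise the rejection label."""
    try:
        check_xml(data)
    except UnsafeXML as exc:
        return str(exc)
    return "ok"


# Constructed payloads: one legitimate request and one per attack class.
BENIGN = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><getBalance><accountId>1234</accountId></getBalance></soap:Body>
</soap:Envelope>"""
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]><lolz>&lol3;</lolz>"""
XXE = b"""<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<foo>&xxe;</foo>"""
DEEP = b"<a>" * 100 + b"</a>" * 100
HUGE = b"<a>" + b"x" * (MAX_BYTES + 1) + b"</a>"
MALFORMED = b"<a><b></a>"

if __name__ == "__main__":
    for label, payload in [("benign", BENIGN), ("billion laughs", BILLION_LAUGHS),
                           ("xxe", XXE), ("deep", DEEP), ("huge", HUGE),
                           ("malformed", MALFORMED)]:
        print(f"{label:15} -> {classify(payload)}")
```

Rejecting any DOCTYPE is the important design choice: it refuses XXE and entity-expansion payloads alike without having to reason about what the entities would expand to, and SOAP and REST services have no legitimate use for an inline DTD. The size check runs before the parser is even created, since an oversized payload is meant to exhaust memory during parsing.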
Red Team Assessment
A red team assessment is a comprehensive, holistic assessment of an organization’s security infrastructure and potential vulnerabilities. All elements of the organization’s infrastructure are potential targets. Simulated attacks can include:
- Physical
- Social engineering
- Phone
- Web
- Network
- Exploitation
- Penetration
- Lock-picking
- Social media
- Phishing
- Electronic key cloning
- Hardware hacking
- Wireless communication spoofing
- Smartphone exploitation and tapping
The red team assessment evaluates the effectiveness and adequacy of the security safeguards and controls in the organization’s infrastructure and operations, as well as employee awareness. We test the organization’s targeted assets (technical, human, and physical) and every means available to reach them. We also examine third parties involved in an asset’s operational procedures.
After gathering intelligence and profiling the targets and attack vectors, the red team creates profiles of the organization’s threat communities in order to more accurately simulate them during our assessment. Once threat modeling is complete, we conduct comprehensive research to search for system, procedure, and personnel vulnerabilities.
After we have identified and mapped out vulnerabilities, we launch an attack that simulates a real adversary. In many situations, we use multiple attack vectors to demonstrate how an attack would take place. The attack is not limited to the “first layer” of assets and continues to leverage compromised assets and elements until the core of the organization, or predefined limits, are reached.
Security Intelligence Services
The threats facing today’s businesses continue to grow in volume and escalate in severity. With security teams overwhelmed with vulnerability disclosures, multi-vendor security patching cycles, a weakening perimeter, and the need to deal with new types of threat vectors and malicious actors, businesses are at a critical moment in their effort to protect their corporate systems and employees.
Anticipation and intelligence of an opponent’s tools and tactics lies at the forefront of information security today. Security 411’s Security Intelligence Services are designed to provide an organization’s management and technical security teams with the information they need to combat and counter rising threats and successfully prioritize responses.
Security 411 has a long established research background and extensive experience providing onsite security consultancy to many of the world’s most demanding technology companies and financial institutions. This experience allows our Security Intelligence Service to focus on:
- Evaluating current and future threats and technologies
- Giving clear and concise information, devoid of sensationalist marketing hype and FUD
Security 411 researchers and consultants present new security research of their own or gather new intelligence directly from third-party sources. This real-time human intelligence gathering, combined with analysis by Security 411’s acclaimed security researchers and most experienced consultants, gives our clients essential insights that cannot be obtained from even the premier data feeds and big-data analytics.
While many other threat intelligence providers focus on delivering bundles of blacklists, repackaged vulnerability advisories, or streams of semi-processed data, Security 411’s objectives and value to our clients are quite different. We analyze the most recent research and live threat metrics to identify the critical emergent threats and significant security developments. We provide our clients with the details their technical teams need to remediate and operate defenses, along with the projection of threats that executive management teams require.
Human Capital Due Diligence
(Also referred to as Executive Pre-employment Investigations or Leadership Profiles.) Security 411 offers the highest level of due diligence to ensure your organization is hiring the right top-level executives and/or partners before making the costly investment of onboarding. Security 411 provides its clients with complete transparency on the executives or partners they are evaluating for top-level positions. Beyond standard records checks and nationwide court searches, Security 411 uses proprietary algorithms to seek out potentially damaging social media posts, memberships, and social activity. Further, Security 411 conducts covert investigations into character, social interactions, and activities that would not normally become apparent in a typical background records search. Security 411 has saved its clients hundreds of thousands of dollars by enabling them to make a clear choice of the right executive.
Competitive Intelligence
Competitive Intelligence (or competitor intelligence) is the gathering of valuable intelligence on competitor products, prices, direction, and strategies. Whether your business needs to know immediately about a competitor’s new product or would like to monitor competitor activities on an ongoing basis, Security 411’s Business Intelligence Team will effectively and discreetly gather valuable, actionable intelligence that lets your business move forward with certainty and knowledge of your competitors’ activities. Security 411 has a preexisting network of professional sources within each industry, giving your firm immediate access to valuable intelligence for future requests. Security 411 also provides each client an exclusive “Intelligence Guarantee”: we price per question, and if we don’t answer it, you don’t pay for it.
Counter-Competitive Intelligence
If your company is losing market share, customers, or clients, Security 411’s counter-intelligence offering can identify the source of the information loss and put the proper tools and training into place to prevent future intelligence loss. Security 411 has conducted both competitive and counter-intelligence for over 10 years, in 8 different countries, across 13 separate industries, and for over 27 small, medium, and large companies including several Fortune 500 companies. The return on investment of this service is clear when your company regains control of lost markets.
Custom Solutions
Security 411 prides itself on providing “outside the box” solutions for unique situations and issues. Examples of such situations include risk mitigation for threats from former employees, reputation attack investigations, covert influence, and more.
Need a Quote? Get in Touch.