Mobile Security Assessment Service

Our security services are helping the IRDA to securely manage India's Largest Insurance Portal.

To get more information on Security Brigade's Professional Services, Contact Us.

Introduction

As banking, travel and movie reservations have shifted their eye to mobile devices, so have malicious attackers. Devices such as laptops, PDA's, Pocket PCs, smartphones and Blackberries generally have access to your corporate network through email, VPN and other functionality.

Security Brigade's Mobile Security Assessment Services uses our continued research activities in this area to help protect your company from the latest mobile security threats. Our process will assess the security posture of your mobile network and attempt to compromise and infiltrate your network through these mobile devices.

Our Mobile Security Assessment service is a highly versatile service that utilizes in-house research and development coupled with out-of-box thinking to not only identify known flaws but also discover unknown flaws within your IT infrastructure.

  • Delivering Experts with the correct experience and domain-expertise to meet your security requirements.
  • Improved Confidence and Security among customers, employees and partners.
  • Informative Reports focused on helping you understand your information security posture, in-relation to industry benchmarks and expectations.
  • Superior Level of confidentiality, integrity and availability of organizational information in-order to facilitate maintenance of competitive edge, cash-flow, profitability and corporate reputation.
  • Template Driven methodology to ensure compatibility with industry recognized guidelines such as: OSSTMM, OWASP, PCI, NSE, RBI, etc.
Some of Our Unique Value Propositions
Experience
Consultants are certified with industry recognized IS Certifications (eg: eCPPT, SANS, CISSP).		 Free Re-Testing
Ensures the detected vulnerabilities are correctly patched.
Customized Reports
With source-code examples in your development language along with patch and configuration details.		 Hybrid Approach
Delivering experienced consultants coupled with ground-breaking automated processes.
Identifying the "True Impact"
Identify the real-world impact of threats against your IT infrastructure.		 Enhanced Remediation
Solutions specific to your operational and development environments.

Approach

Security Brigade's Mobile Security Assessment Service leverages a hybrid approach to deliver a comprehensive and accurate solution that goes well beyond industry benchmarks. Through industry best-practices coupled with automated and manual testing we deliver results that help you head off on-coming threats against your system and application infrastructure.

Our Approach

Our Mobile Security Assessment Service methodology is an in-depth process that has been built through experience and thorough understanding of customer requirements.

[+] Read More

  • Pre-Assessment Analysis
  • Information Gathering
  • Enterprise Mobile Architecture Review
  • Port Scanning
  • Enumeration
  • Social Engineering
  • Threat Profiling & Risk Identification
  • Network Vulnerability Assessment
  • System Vulnerability Assessment
  • Mobile Infrastructure Security Assessment
  • Exploit Research & Development
  • Exploitation
  • Privilege Escalation
  • Network Propagation
  • Retaining Access
  • Engagement Analysis
  • Mitigation Strategies
  • Report Generation
  • Support

Technical Experience

Security Brigade has had the privilege of working with a large number of customers with varied operational environments. As a result, our consultants have broad technical experience and some of the environments we have worked with are listed below.

[+] Read More

Operating Systems: Windows Server 2000, 2003, 2008, Redhat Linux, Sun Solaris, HP-UX, IBM AIX, Open VMS, Novell Netware, Open Enterprise Server, Suse Linux, IBM OS/2, Win NT, SCO Unix, SCO OpenServer, IRIX, FreeBSD, OpenBSD, NetBSD, OpenSolaris.
Firewalls: Cisco PIX/ASA, Checkpoint, Netscreen, Watchguard, Sonicwall, Fortigate, Web Application Firewalls.
Intrusion Detection Systems: ISS RealSecure, Cisco Secure, Dragon IDS, Fortinet, Snort, Sourcefire, Checkpoint RealSecure.
Others: Microsoft Sharepoint, SAP, Active Directory, ISA Proxy, Squid Proxy.
Mobile Devices: PDAs, Blackberies, Notebook Computers, Netbooks, Pocket PCs, Smart Phones, Tablet PCs, Microsoft Mobile Servers, Blackberry BES/MDS Servers.
SAP Systems: SAP R/2, R/3, BOBJ, APO, AFS, BW, BI, CCM, CC, CI, EBP, EL, EP, XI, etc.


In-House Tools for Mobile Security Assessment Service

One of our core strengths has been our ability to adapt to challenging customer environments and requirements. We have been able to consistently meet these challenges through a strong process of research and development. Some of the many tools we have developed over the years are given below.

[+] Read More

sdFinder - Identifies internal hosts on non-contiguous IP ranges. It allows us to detect sensitive information about our clients commercial, intranet and extranet networks.
webDiscovery - Identifies as many applications as possible on Client web-servers. The applications discovered through webDiscovery allow us to provide a superior web application security testing service than competitive services and products. It allows us to increase the scope of the audit and cover more areas that could be attacked by malicious users; that would not be covered by a traditional audit.
networkMapper - Network Mapper uses proprietary technology to be able to identify alternative network routes to bypass security mechanisms such as IDS/IPS/Firewall etc. It allows our experts to bypass existing security implementations and gain direct access to the systems behind them.
webTester - Utilizes our Benchmark Development System to ensure that we can identify maximum vulnerabilities in applications through automated mechanisms. Along with flaws that are known, it uses in-house research to test for vulnerabilities that are not in the public domain. It allows us to automate the process of identifying and testing known and unknown vulnerabilities in web-applications and strike a cost-effective time to effort ratio.
VA Framework - Integrated solution developed by our security experts that have an expertise in the vulnerability assessment domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements.
PT Framework - Integrated solution developed by our security experts that have an expertise in the penetration testing domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements.
webSpider - Uses advanced HTML, Java Script, Ajax, Flash and XML parsing engines to identify and map as much of the client applications as possible. This not only assists our automated webTester engine, but also assists in carrying out the manual testing process in an efficient manner. It allows us to attain a cost-effective balance between thorough testing and time required.
sapScan - Security and Configuration Assistant for SAP Security Audits.
riskReview - General Risk Assessment Tool.
erpInterrogate - ERP Security and Configuration Assessment and Control Tool.
Windows Batch Scripts - Windows batch scripts to automate routine server hardening functions and processes.
Linux Bash Scripts - Linux Bash scripts to automate routine server hardening functions and processes.
Oracle Security Assessment Scripts - Oracle Security Assessment Scripts to automate routine hardening functions and processes.
MSSQL Security Assessment Scripts - MSSQL Security Assessment Scripts to automate routine hardening functions and processes.
Internal Vulnerability Database - Automated vulnerability database that is updated every 15 minutes from over 100 public and 20 private feeds.
SQL Explorer: identifies vulnerabilities in and retrieves data from MSSQL, MySQL, Oracle, PostgreSQL, MS Access etc database servers.

Case-Studies

Mobile Security Assessment for a Financial Services Firm


Security Brigade conducted an Mobile Security Assessment for one of India's Largest Financial Service Firms. This case study highlights the solution implemented to meet the Client's key business goals while helping them ensure that their mobile infrastructure was secure and that their key operational environment was isolated as per their policies and processes.

Download PDF

Mobile Security Assessment for a Business Process Outsourcing Firm


Security Brigade conducted an Mobile Security Assessment for a Private Sector Bank with over 1,000 Branches, 3,000 ATMs and 10 Million Customers. This case study highlights the solution implemented to meet the Client's key business goals while helping them ensure that thier management teams were safe and secure while handling sensitive information through Mobile Environments.

Download PDF

Mobile Security Assessment for a Private Sector Bank


Security Brigade conducted an Mobile Security Assessment for one of India's Largest Financial Service Firms. This case study highlights the solution implemented to meet the Client's key business goals while helping them ensure that their mobile infrastructure was secure and that their key operational environment was isolated as per their policies and processes.

Download PDF

Deliverables

Security Brigade's reporting process is industry-unique and aims to deliver maximum value to your organization and the administrations / developers directly interacting with the security audit. Each report is customer-specific and contains detailed information, proof of concepts, source code examples and configuration details with the aim of educating your IT teams for the long-term. The following are some of the deliverables you will receive on completion of a Mobile Security Assessment Service.

Executive Presentation


Provides a holistic overview of the entire engagement, detailing the issues from an impact and business risk perspective. The presentation is aimed at helping senior management quantify risks and take an informed decision while aligning security with business objectives.

Download PDF

Executive Report


Provides a high-level summary of the systems, network and applications covered, vulnerabilities discovered and the recommendations made to mitigate the threats identified through the engagement.

Download PDF

Technical Report


Provides comprehensive information about all the threats discovered on the systems, network and applications. It will include proof-of-concepts, technical explanations, remediation recommendations, screenshots, exploits, etc.

Download PDF

Project Summary Report


Provides a detailed summary of the engagement, the vulnerabilities identified, recommendations made and current status of the identified issues.

Download PDF

Excel Vulnerability Tracker


Simple and comprehensive vulnerability tracker aimed at helping the IT asset owner keep track of the vulnerabilities, remediation status, action items, etc.

Download PDF

Request a Call

Telephone: +91-022-23532909 | Contact Us | Twitter | Linked In
Security Consulting | Penetration Testing | Web Application Security | CERT-IN Empanelled | Privacy Policy
Copyright © 2007-2013 by Security Brigade InfoSec Pvt. Ltd. All rights reserved.