At Security Brigade, we leverage a combination of in-house developed, commercial and open source tools as part of our process. Each tool is carefully selected, tested and documented by Security Brigade’s R&D team based on requirements from the audit teams.
Not all applications and networks are alike and as such, there is never one tool that will do a great job across all of them. To address this limitation, the set of tools to be used for any audit are intelligently selected by E.D.I.T.E (Our intelligent workflow-driven audit management platform).
The following is an overview of the process:
- E.D.I.T.E profiles the application or network and maps out various criteria (Platforms, Vendor, Legacy, Known Softwares, etc)
- Based on internal benchmarks, E.D.I.T.E identifies the best set of tools to be run for this specific audit profile
- The list of selected tools along with reasoning and runtime details are displayed to the auditor for approval.
- Once approval is received, E.D.I.T.E executes the selected tools and parses the output into a central database
- Data from all the tools is correlated, cross-referenced and presented to the auditor for further analysis
- Each time E.D.I.T.E is run, it uses the data collected to improve its internal benchmarks and therefore constantly learns and optimizes itself
In-House Developed Tools by our R&D Team
|sdFinder||Identifies internal hosts on non-contiguous IP ranges. It allows us to detect sensitive information about our clients commercial, intranet and extranet networks.|
|webDiscovery||Identifies as many applications as possible on Client web-servers. The applications discovered through webDiscovery allow us to provide a superior web-application security testing service than competitive services and products. It allows us to increase the scope of the audit and cover more areas that could be attacked by malicious users; that would not be covered by a traditional audit.|
|networkMapper||Network Mapper uses proprietary technology to be able to identify alternative network routes to bypass security mechanisms such as IDS/IPS/Firewall etc. It allows our experts to bypass existing security implementations and gain direct access to the systems behind them.|
|webTester||Utilizes our Benchmark Development System to ensure that we can identify maximum vulnerabilities in applications through automated mechanisms. Along with flaws that are known, it uses in-house research to test for vulnerabilities that are not in the public domain. It allows us to automate the process of identifying and testing known and unknown vulnerabilities in Web-applications and strike a cost-effective time to effort ratio.|
|VA Framework||Integrated solution developed by our security experts that have expertise in the vulnerability assessment domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client’s requirements.|
|PT Framework||Integrated solution developed by our security experts that have expertise in the penetration testing domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client’s requirements.|
|sapScan||Security and Configuration Assistant for SAP Security Audits.|
|riskReview||General Risk Assessment Tool.|
|erpInterrogate||ERP Security and Configuration Assessment and Control Tool.|
|Windows Batch Scripts||Windows batch scripts to automated routine server hardening functions and processes.|
|Linux Bash Scripts||Linux Bash scripts to automate routine server hardening functions and processes.|
|Oracle Security Assessment Scripts||Oracle Security Assessment Scripts to automate routine hardening functions and processes.|
|MSSQL Security Assessment Scripts||MSSQL Security Assessment Scripts to automate routine hardening functions and processes.|
|Internal Vulnerability Database||Automated vulnerability database that is updated every 15 minutes from over 100 public and 20 private feeds.|
|SQL Explorer||Identifies vulnerabilities in and retrieves data from MSSQL, MySQL, Oracle, PostgreSQL, MS Access etc database servers.|
Work With Us
Security Brigade a CERT-In empanelled founded on the core belief that "Great audits are done by great auditors - not expensive tools". Our proprietary E.D.I.T.E platform provides a workflow based testing engine that encapsulates the complete audit process. It allows expert auditors to focus on in-depth manual testing while assisted by a combination of proprietary, open-source and commercial technology.