Security test your network and web application

         The aim is to identify browser exploits, unpatched software, unsecure coding practices and weak encryption algorithms. A penetration test must be ...

Penetration testing, or ‘pen-testing’, is the most effective way of demonstrating that exploitable vulnerabilities within your company’s internet-facing resources have been identified, allowing suitable patches to be applied.

 
    
 
The aim is to identify browser exploits, unpatched software, unsecure coding practices and weak encryption algorithms. A penetration test must be conducted by a certified ethical penetration tester, who will use their expertise to identify specific weaknesses within an organisation’s security arrangements. This involves simulating a malicious attack on an organisation’s information security arrangements, often using a combination of methods and tools.
 
 
Threats are constantly evolving and changing. It’s not a question of if you will be attacked, but when. Even if you are a relatively unknown organisation of little apparent interest to an attacker, criminals’ automated scans will find your presence online.
 
  • More and more applications are directing traffic by default through http to bypass firewall rules.
  • Malware can be downloaded automatically.
  • Websites can be infected by code injection, cross-site scripting and other similar black-hat hacking techniques.
  • Your website traffic can be hijacked.
  • Blacklisting by major search engines can cause you to lose business.
  • It is easy for new vulnerabilities to be identified and exploited by criminal hackers. In many cases, you won’t even know that your defences have been successfully breached until it’s too late.
 
____________________________________________________________________________________________
 
 
 

Which test best suits my organisation, and what methodology applies?

Here at iTGRC Asia, we closely collaborate with IT Governance and present the vulnerabilities and risks to the organisation once the test has been conducted, along with recommendations for remedial action, which are displayed as facts in an easily understandable report.
 
Our bespoke penetration tests deliver cost-effective and practical solutions that will help you meet your legal, regulatory and contractual requirements.
Click to ask any question, we are happy to assist you. 
 
____________________________________________________________________________________________
 
It combines a number of advanced manual tests with automated vulnerability scans to ensure every area of your web applications are tested. Because IT Governance is a CREST member organisation, you can be sure our tests meet the highest industry standards. By commissioning a Web Application Penetration Test, you can:
  • Avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
  • Prevent breaches and subsequent regulatory fines
  • Satisfy relevant regulatory requirements or legislation

​Price at SG$4,860/-, SG$4,300/- ask any question

 
____________________________________________________________________________________________
 
This is a consultant-driven penetration test combines a number of advanced manual tests with automated vulnerability scans to ensure that every corner of your network is tested. By commissioning an Infrastructure (Network) Penetration Test, you can:
  • improve your security posture by adopting real-world testing to reduce risks in your infrastructure.
  • meet compliance requirements by ensuring that devices on your network meet regulatory requirements and standards.
  • lower your costs by reducing risks. By identifying trends in insecure practices, you’ll be less vulnerable, and more secure against attacks and data loss.

Testers will assess the resilience of your infrastructure security controls and the ways an attacker might gain unauthorised access and control. Network tests will focus on web servers, firewalls, Wi-Fi, etc. looking for holes in the network perimeter.

Testing approach - 
Our approach to network penetration testing is closely aligned to the Open Source Security Testing Methodology Manual (OSSTMM) - a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance
 
What will my test cover?
  • A review of the test environment to identify information that would be useful to a hacker.
  • A range of manual tests using a methodology closely aligned with the OSSTMM.
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action fast.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.

​Price at SG$3,877/- , SG$3,429/-ask any question

 
____________________________________________________________________________________________
 
 
Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.” A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure and web applications. By conducting this test, you can:
  • avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
  • prevent breaches and subsequent regulatory fines
  • satisfy relevant regulatory requirements or legislation

Standard ​price at SG$7,549/-, SG$6,677/- ask any question

 
____________________________________________________________________________________________
 
An insecure wireless network opens up your organisation to the external world and poses a security risk. From rogue access points to weak encryption algorithms, threats to wireless networks are unique and the risks can be significant. By completing a Wireless Network Penetration Test, you can:
  • Understand the level of risk that wireless networks pose to your organisation and how to mitigate this risk
  • Ensure greater flexibility for users, while maintaining the confidentiality and integrity of your data
  • Maintain compliance with compliance schemes such as the PCI DSS
 
                               
 
What can you expect from a wireless penetration test?
Our Wi-Fi penetration testing service can help detect access points and rogue devices, analyse your configurations and test for vulnerabilities, so that you can implement security controls to prevent an attack.
 
What will my test cover?
  • A range of manual tests conducted by our team of highly skilled penetration testers using a methodology closely aligned with the OSSTMM.
  • A series of wireless surveys of the scoped environment with automated and manual identification of vulnerabilities.
  • Immediate notification of any critical vulnerabilities in order for you to take action fast.
  • A detailed technical report that lists the identified vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains, in business terms, what the risks mean.

Standard price at SG$4,860/- , SG$3,754/-ask any question

 
____________________________________________________________________________________________
 
Phishing is one of the oldest ‘hacking’ methods used by cyber criminals. According to Verizon’s DBIR 2016 report, some 30% of phishing emails are opened by targets. Phishing works well because it tricks people into divulging sensitive information that can compromise their security. Moreover, successful phishing attacks deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures’.
 
97% of phishing emails are used to infect victims with ransomware 
30% of phishing emails are opened by targets  
70% of user credentials were stolen within the first hour of a phishing attack
 
​Pricing
Up to 100 employees                  at SG$1,069/-
Up to 250 employees (20% off) at SG$2,149/-
Clickask any question
 
____________________________________________________________________________________________
 
 

iTGRC Asia Pte Ltd

Regus JTC Summit
8 Jurong Town Hall Road, Level #24-05, Singapore 609434

+65 6818 0839

   

+65 6818 0801

    info@itgrc.asia

By submitting your information to iTGRC Asia Pte Ltd, you have agreed to our Privacy Statement

Other Promotions

Cyber Hygiene health check for Digital-Johor

In response to the launch of Digital Johor under Johore 4.0, iTGRC is giving away 1 hour free of Cyber Hygiene Advisory. This will path Individual, Organizations and SME small steps toward Cyber Security in preparing themselves for the Digital Era. Reach out to us at
    Email: info@itgrc.asia
    Phone: +60 7 2686066
and carve a niche for yourself. You may also like to talk offline with our chief advisor through Whatsapp +65 93384818

We institute a security organization in your business

We help our clients develop information/cyber security strategy, organization structure and capability that are aligned with their business needs and priority. We offer mentorship to organizations who want to implement or strengthen their cyber-hygiene, or even to build their very own information/cyber security team to protect their business, enforce data security/protection to avoid information leak/reputational risk. Our risk assurance constantly enables clients timely response to incidents; such as cyber-crime/insider threat/regulatory violation and etc. Click to ask our CISO or WhatsApp +65 93384818, SkypeID: live:f1b54fc914a37b51

Why business needs security management framework

Bring to companies the management framework that enhances the existing management system, professional image, enable market expansion by being qualified to apply for tenders and meet customer & legal requirements. You can promote your business values to your clients by being Cyber-Resilient, Data Protection Ready & Regulatory Compliant (e.g. GDPR). Now, prepare for the seamless change without hurting budget but giving your business the extra miles. Click to ask our CISO or WhatsApp +65 93384818

Cyber Essentials provides a basic level of cyber security; if you are interested in progressing to a more advanced stage of information security by implementing a holistic information security management system, you can discover more by reading about ISO 27001 and the Cyber Essentials scheme