Offensive
Network Security Assessment

Vulnerability assessments offer crucial insights into potential risks to your infrastructure. They play a vital part in any organization’s security picture, as they inform how security can be improved and eliminate any potential risks.

During the process our qualified team of experts will use both automated and manual techniques to assess your company’s network real-time security situation. We recommend doing a vulnerability assessment in conjunction with a penetration test, as this will give you the clearest overall picture of how vulnerabilities can be actually utilized by hackers.

Penetration testing is something that all companies should be considering, as it is a simple and effective way of confirming any potential or suspected vulnerabilities as well as discovering hidden undiscovered ones. The way it is done, is by simulating an attack on a single asset (PC, server, application) or a network from either internal or external threats. This makes it an invaluable method of really testing how secure your company is, because it operates in the same way that an actual attack does.

It is similar to the way that an army tests itself: obviously the best practice for fighting is to actually fight, however, it is impossible for them to do this most of the time. Thus, they conduct war games on a regular basis to simulate things that are as close to actual combat as possible. Security in general, is very similar, unless you push your systems to their limits, then you have no idea how they will actually function, when a real attack comes.

Penetration testing is the best way to simulate an actual attack, making it a vital tool for any company that wants to take its security seriously.

At Striggers, we are experts in penetration testing and will devise a bespoke plan, which will push your system to it absolute limit, ensuring that you know exactly where you stand. This makes it ideal for companies that are working with Striggers already, or companies who want an independent team of experts to give them a clear picture of how well their system is working. Listed below are a few of the many advantages that a penetration test by Striggers will bring:

  • Minimizes the potential for the reputational loss, which is often associated with security breaches.
  • Helps you to achieve compliance.
  • Performing this assessment on a regular basis will also help address specific regulatory requirements, such as ISO27001, ISR and PCI DSS requirement.
  • Helps to identify higher-risk vulnerabilities that may result from a combination of lower-risk vulnerabilities which are exploited in a particular sequence.
  • Tests the ability of network defenders to successfully detect and respond to attacks.
  • Identifies weaknesses in security concepts, systems and applications.
  • Analyzes the security measures against “Inside” out attacks.
  • Provides management with an understanding of the level of risk from Internet-accessible services.
  • Provides recommendations and details to facilitate a cost-effective and targeted mitigation approach.
  • Creates a basis for future decisions regarding information security strategy, requirements and resource allocation.
  • Executes a real-world attack on critical infrastructure, allowing you to understand the level of risk that exists at a single moment in time.
Offensive
Web application assessment

Any company with a web application, is at constant risk of attack, while the fact that web applications are usually in the public eye, means that such attacks can do immeasurable damage to your reputation.

The internet, is a bit like the Wild West, and that lawlessness means that any company with a web application needs to constantly evaluate their security, or they run the risks of their site being disrupted, their data being stolen and their reputation being damaged. At Striggers we pride ourselves on the security services that we offer and once we discover a vulnerability, we will help you to find a remedy, ensuring that your web application remains secure.

Striggers can do web application testing in a number of different ways, with the two most popular being: Black Box Testing and Grey Box Testing.

Black Box Testing, means that an Striggers expert just gets the URL of the web application, and then seeks to find any flaws in the security infrastructure. This means that it closely apes the most likely attack situation, where an agent unknown to the organization seeks to break through the security of the web application from the outside.

Whereas Grey Box Testing, involves the security expert being given either limited or extended rights, as an authenticated user, of the web application and then going through the same techniques as Black Box Testing. The advantage of this being that it gives a holistic view of the security situation and will provide valuable insights into the damage that users and staff on the platform can do.

Offensive
Mobile application assessment

Mobile applications are now a vital part of many company’s business offerings, making their security just as important as that of a web application or network.

They too are at constant risk from hackers and criminals as they are available to them 24/7, meaning that they are an easy target, which are likely to be high up the list of people who are seeking to breach your company’s security. The threats to them are dynamic and in a perpetual state of flux, meaning that every mobile app will benefit from our Mobile Application Security Assessment.

Our team of experts will analyze your mobile application in two different ways during the assessment: using both static and dynamic to identify the key security weaknesses of your app. This is vital to your overall security picture as well, because your mobile app, can be used as a gateway into your network, which means that securing your mobile application will also help in protecting your internal network, customer data and other sensitive assets.

Offensive
SCADA & ICS Security Assessment

An Industrial Control System (ICS) and its associated components like Supervisory Control and Data Acquisition (SCADA) are generally used in industries providing crucial infrastructure services, such as water, oil and similar products.

These processes are usually crucial to the functioning of such services, meaning that if they are compromised, they will do significant damage to organization’s business or even national infrastructure.

Such systems, were usually designed to be distinct from the rest of the connected digital world, meaning that reliability, safety and flexibility, were more of a concern to their designers, than security. Their physical isolation was believed to make them secure, meaning that the need for other cyber-security measures was neglected. However, in our brave new world where everything is connected, this ‘air gap’ principle, is no longer relevant.

An Striggers SCADA & ICS Security Assessment, will examine you crucial SCADA systems, probing them for any ways that they might be compromised, ensuring that they reach compliance against common security standards, both regulatory and industrial. Once we have done this we will provide recommendations that will make your systems more secure and more efficient.

Offensive
IoT Security Assessment

The Internet of Things (IoT), is one of the hottest topics within security circles, because items which are connected to it, are generally simpler and less secure than more complicated devices.

This creates a perfect storm in security terms, because IoT devices can be reverse engineered, or have malicious software installed on them to do all manner of things, from stealing data to compromising the entire network or being used in launching attacks against other targets. This is combined with a lack of understanding by management of the risks, for example any device with a microphone can be hacked to commit corporate espionage.

Striggers are committed to helping companies make all their systems as secure as possible: our in-depth IoT Security Assessment, will provide a holistic understanding of everything on your system: from your office kettle, to key parts of your infrastructure, anything that is connected to a network is a potential vulnerability. Our team of experts will examine everything, highlighting the potential weaknesses, providing solutions and giving you a greater understanding of where the flaws lie.

Offensive
Source Code Review

A source code review will help you get a more complete picture of your application’s security whether it is a web application, mobile application or even a client/server application.

It is the ideal way to achieve a holistic understanding of your application’s security, before taking the application live. This will help you identify any memory mismanagement, weak encryption algorithms, non-secure network communications, access control vulnerabilities, error handling, insecure logging, backdoor implementation and many, many more potential security flaws. It is a crucial stage within the process of taking any application live, because once it is on the internet, it is far more difficult to fix vulnerabilities.

Striggers Source Code Review service, will exhaustively examine the design of your software, identifying any vulnerabilities or design flaws. It provides a more complete picture of your security situation, because it drills right down into the design of the software, ensuring that you understand any vulnerabilities that it has.

At Striggers we are proud of the security services that we offer and committed to discovering any potential weaknesses in our client’s software. A source code review will drill deep into the foundations of your software, making it an invaluable tool in the ever-developing battle between security experts and hackers.

Offensive
Social Engineering

Information security is a profound problem for all companies in the digital age, because it requires employees to be as educated as the people who want to endanger your company.

Although awareness has grown over the past few years, there remains an education gap, which makes it an area of particular vulnerability.

This is where Striggers social engineering comes in: we will assess the level of information security awareness in a sample group of your users or employees, giving you crucial knowledge about where you are vulnerable and where you need to improve education or policies. To do this we will simulate things such as phishing attacks, spoofing, pretexting and baiting, among others, and gauge their reactions.

At Striggers we are committed to ethical hacking, meaning that we catch your security vulnerabilities before unscrupulous people do.

Offensive
Red Team / Blue Team Exercise

The philosophy that informs a red team, blue team exercise is simple: the only way to prepare for an attack, is to simulate something as close as possible to an attack.

Thus, in a red team/blue team exercise, a team of our Striggers experts, the red team, will attempt to attack you and a team of your staff, the blue team, will attempt to defend it. The advantages of this are numerous, it allows your staff to become battle-tested, both gaining a better understanding the dangers and learning how they react and how they can react better. Along with highlighting any weak links in your security setup, which can be plugged, before the real thing happens.

At Striggers we are proud of the security services that we offer, and our red team/blue team exercise will give you crucial insights into how you can better protect yourself.