Web Security

Operating and maintaining the security of today’s complex systems is a challenging and demanding job. Operational requirements to deliver services swiftly and securely have never been greater than they are now. Organizations which invest a lot of resources on various necessary security efforts such as risk analysis, certification, accreditation, policy development, and other security efforts, neglect a well-thought out security testing program.

Security testing should bridge the void between the best in system development and actual operation of those systems developed. Security testing is important for understanding and measuring the security of an organization and attempting to think about your security during a major attack is very expensive and also results in loss of reputation and has very little effect. COMPANY believes in this need for security and specializes in providing services in testing Web Application Security, Network Security, Product Security, Operational Security and Physical Security.

At Radiant Global, we exclusively focus our talent and experience in meeting your needs capably, comprehensively and cost-effectively. Radiant Global clearly comes out ahead of other players in this market, with its focused capabilities, passionate Web Application Security Testing team and demonstrates strength in improving the end-user experience.

Web Application Security Assessment :

Value Proposition: This service helps identify vulnerabilities within an application that could lead to loss of customer data, loss of revenue, or reputation impairment to a client.

Description: Similar to a penetration test, this service targets a specific application and examines application level controls. The review assesses the ability of an attacker to manipulate or compromise the target application and possibly gain access to back end systems. For instance, an eBusiness retail application may be able to have pricing changed or a user of a web-banking product may be able to access other accounts. The review consists of interviews, assessment of documentation, limited review of code, examination of connections to backend systems, and actual testing of the application using appropriate software tools.

Penetration testing :

Value proposition: Periodic penetration testing helps a client identify security exposures in its security infrastructure and allows management to address the exposures before they become problems.

Description: We test security controls through techniques actually used by hackers. In addition, we analyze the environment and infrastructure after the test to find any holes not otherwise identified during the testing. Testing can touch upon all or any of the following areas: external (Internet), internal (simulates internal attacker) or dial-up (take a range of numbers and use an automated dialer to identify systems with modems). Our tests also include a review of firewalls, routers, network design, and administrative controls.

Physical Security Device Assessment :

Value Proposition: This service helps identify vulnerabilities within an application that could lead to loss of customer data, loss of revenue, or reputation impairment to a client.

Description: Similar to a penetration test, this service targets a specific application and examines application level controls. The review assesses the ability of an attacker to manipulate or compromise the target application and possibly gain access to back end systems. For instance, an eBusiness retail application may be able to have pricing changed or a user of a web-banking product may be able to access other accounts. The review consists of interviews, assessment of documentation, limited review of code, examination of connections to backend systems, and actual testing of the application using appropriate software tools.

Network Design Security Assessment :

Value Proposition: Identify potential risks in network infrastructure design and help mitigate them to acceptable levels.

Description: We work with you to develop high-level security solutions for each tier of your network. By alleviating monitoring, detection and suppression capabilities required across your network. Plans for future network expansion are evaluated for potential security risks. Radiant Global also reviews and recommends appropriate incident response practices for your network.

Product security Assessment (Fire Walls, IDS, Antivirus etc) :

Value proposition: This service involves conducting security tests on given products using several attack scenarios like buffer overflow, memory leaks, registry tampering etc.

Description: This assessment identifies anomalies/malicious behavior in a product before its release or deployment. Malicious behavior in a product could be due to Bots, Logic Bombs, key loggers, back doors root-kits etc to name a few. This assessment also identifies anomalies in products like application crashes, information leakage, data transmission and management issues etc.

Secure Diagnose :

Value proposition: A holistic governance-level evaluation of security management “best practices” drawing from guidelines and frameworks of the Institute of Internal Auditors and ISO 17799 and utilizing technology-based testing of security vulnerabilities to lay the foundation for an enterprise-wide security program.

Description: The basis for this assessment is the ISO 17799 security management guidelines that set the baseline for a comprehensive security program that is then tailored to a client’s situation by using Radiant Global’s risk models. While not a certification review, the assessment addresses all 10 areas of the ISO 17799 guidelines. For senior management, SecurDiagnosesm includes an executive scorecard that addresses the security governance questions developed by the Institute of Internal Auditors.