CYBER SECURITY

 CanDoTech Consulting Inc. has a full line of services dedicated to web application security, HITECH compliance, PCI compliance, HIPAA compliance, and custom security consulting services.

Our Services:

A single successful penetration by a malicious hacker can compromise an entire organization’s confidentiality, integrity, and availability (CIA). CanDoTech’s research-driven penetration testing and vulnerability assessment services help prevent such a compromise by testing at realistic levels of threat.

Understanding real-world risks:

CanDoTech conducts penetration tests from inside and outside of your network to identify risks and help you to prioritize remediation. Types of penetration tests include:

  1. Internal and external network penetration test

  2. Web and mobile application penetration test

  3. Wireless penetration test

  4. Social engineering security testing (physical and electronic)

 PENETRATION TESTING SERVICES

External network penetration testing:

Penetration testing for Internet-accessible devices or Internet of Things (“IoT”) devices, along with services such as web servers, firewalls, routers, DNS, remote access, etc.

Internal network penetration testing:

Penetration testing for internal servers, firewalls, routers, switches, email, and DNS services.

Wireless network penetration testing:

Penetration testing for wireless infrastructure, including access points, controllers, firewalls, etc.

 APPLICATION SECURITY TESTING SERVICES:

CanDoTech’s comprehensive Web Application Security Testing covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Top 10 for 2013, which are listed below for easy reference:

  1. Malicious Code Injection

  2. Cross-Site Scripting (XSS)

  3. Broken Authentication and Session Management

  4. Insecure Direct Object Reference

  5. Cross-Site Request Forgery (CSRF)

  6. Security Misconfiguration

  7. Insecure Cryptographic Storage

  8. Failure to Restrict URL Access

  9. Insufficient Transport Layer Protection

  10. Unvalidated Redirects and Forwards

  11. SQL injection

  12. Man-in-the-middle attack

The primary goals of Web Application Security Testing:

  • Provide management with an understanding of risk levels introduced by the web application.

  • Provide recommendations and details to facilitate a cost-effective and targeted mitigation approach.

  • Create a basis for future decisions regarding information security strategy and resource allocation.

 Other Services:

  • SSL report

  • TCP fingerprinting

  • WHOIS

  • Traceroute