Security Assessment

A Security Assessment is the measurement of a company’s security posture and aims to reveal any possible flaws in the systems, in order to define the correct countermeasures. Security Assessments rely on:

• Vulnerability Assessment, which is mainly conducted automatically with the objective to find out all the vulnerabilities in the systems

• Penetration Testing, a process whereby someone manually proves that the vulnerabilities actually exist in those systems and are exploitable

Approach & Methodology

NBSecurity favours a hybrid manner approach: not only automated scans but more than anything manual verification and testing. We believe, in fact, that human intelligence is unlikely replaced and is still the source of high quality results. Our qualified ethical hackers and experts will actively test the effectiveness of your cyber defences through internal and/or external attempts to find, track and prioritize your actual vulnerabilities.

Network Security Assessment (NetSA) reveals real-world opportunities for attackers to be able to compromise systems and networks in such a way that it allows unauthorized access to sensitive data or even take-over systems for malicious/non-business purposes.

This type of assessment is an attack simulation carried out by our highly trained security consultants in an effort to:

• Identify security flaws present in the environment

• Understand the level of risk for your organization

Help address and fix identified network security flaws

Web Applications Security Assessment (WebSA) allows you to identify security vulnerabilities that are present in both your commercial and in-house developed web-based applications.

By testing the security of your web-based applications, Innovery Group helps you to:

  1. Identify security vulnerabilities and security design flaws affecting your web applications.
  2. Understand the contextualized risk posed by issues found and the impact of security violations.
  3. Reveal your exposure to internal (e.g.: malicious employees) and external attackers (e.g. malicious users and anonymous attackers).
  4. Learn your applications’ overall security posture and how the latter can affect your business.
  5. Receive detailed recommendations on how to solve issues found, mitigate identified risks and improve the overall security stance of your web-based applications.

Mobile applications are becoming more dominant than ever, this evolution has created a full range of new attacks that are not relevant in the classic web applications world.
During Mobile Security Assessment (MobSA) testing, Innovery Group simulates a multitude of attacks, both general application attacks and mobile dedicated attacks.
At the end of this assessment you will be aware of how a real hacker penetrates the different applications and retrieves confidential data. In that respect, Innovery Group has created a research-driven mobile testing methodology that incorporates guidance from the OWASP Application Security Verification Standard.

Using a combination of manual and dynamic analyses, along with custom harnesses for automated fuzzing, our mobile security testing provides verification and validation across all major control categories, including authentication, session management, access control, malicious input handling, cryptography at rest, and much more.

Business Insider Intelligence forecasts that there will be more than 64 billion IoT connected-devices installed around the world by 2026*. Globally, that will be 3.5 networked devices per person.

While (Internet of Things) IoT is going to improve life for many, the number of security risks that consumers and businesses are prone to face will increase exponentially. IoT security ecosystem gathers embedded software, data, mobile application and cloud security.

In that sense, Innovery Group has created a research-driven IoT testing methodology that incorporates guidance from the OWASP IoT Security Verification Standard.

Our Internet of Things Security Assessment (IoTSA) covers the entire IoT ecosystem:

  • Authentication/Authorization process.
  • Network Services analysis.
  • Encryption strength.
  • Mobile Interface.

Software/Firmware security analysis.

Traditionally, SCADA environments were completely closed systems that used their own isolated equipment and networking protocols. More recently, however, SCADA environments have become IP enabled and interfaced to IP gateways.

Therefore, the risks to SCADA environments are growing and organizations are actively looking at vulnerability assessment and penetration testing against these resources.

The first stage of any SCADA Security Assessment (ScadaSA) test performed by Innovery Group is to understand the technologies in use, which can vary significantly, from old proprietary solutions to more modern web-based interfaces, with or without additional authentication solutions.

Once the solution is understood, Innovery Group’s consultants evaluate the potential attack vectors, develop an appropriate test plan and proceed testing.

As we understand the sensitive nature of testing Process Control and Industrial Automation systems, especially within live production environments, our team have developed a proven methodology to test systems with no interference to the availability and integrity of the process.