Cyber Security Testing Services

  • Internal & External Penetration Testing
  • Internal & External Vulnerability Testing
  • Web Applications Security Testing
  • Mobile Applications Security Testing
  • Firewalls & Routers Rules Review
  • Social Engineering Testing - Digital Shadow
  • Security Standards Configuration Review
  • Networks and Systems Remediation Services
  • Policies, Procedures and Processes Development
  • Intelligent Log Monitoring and Alerting
  • Risk Assessment and Management
  • Compliance with Standards, Frameworks and Regulations

Cyber Security Testing Methodology

The Penetration Testing service consists of five phases once the initial order has been received. The phases start with gathering and agreeing on the requirements with the customer, and finish with ComplyWave experts presenting the results back to the customer along with any recommendations.

The five phases are:

  • Initial Scoping
  • Reconnaissance
  • Assessment
  • Reporting

It is important to note that ComplyWave will not carry out any checks that the tools in use consider "unsafe"; this also includes any Denial of Service (DoS) attacks. These checks, which can be service affecting, are disabled by default in all the tools that we use, but they can be carried out at the customer's request. The unsafe checks and DoS attacks can provide more information about the vulnerabilities that exist within the customer's infrastructure, but there is a risk of service disruption.

However, there is an argument that it is better to find out about these vulnerabilities when conducting an assessment rather than waiting for an attacker to find them.

Remediation Guidance Services

The twentieth-century U.S. criminal Willie Sutton was said to rob banks because "that's where the money is." The same motivation in our digital age makes merchants the new target for financial fraud. Occasionally lax security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems. It's a serious problem - more than 234 million records with sensitive information have been breached since January 2005, according to Privacy Rights. As a merchant, you are at the center of payment card transactions, so it is imperative that you use standard security procedures and technologies to thwart theft of cardholder data.

Merchant-based vulnerabilities may appear almost anywhere in banking and companies' core and critical systems and in the card-processing ecosystem, including point-of-sale devices, personal computers or servers, wireless hotspots or Web shopping applications, paper-based storage systems, and unsecured transmission of cardholder data to service providers. Vulnerabilities may even extend to systems operated by service providers and acquirers, which are the financial institutions that initiate and maintain the relationships with merchants that accept payment cards.

Compliance with GDPR, Cloud Security, Cyber NIST ISACA core framework, ISO and the Payment Card Industry (PCI) Data Security Standard (DSS) helps to alleviate these vulnerabilities and protect critical and cardholder data.

Security Architecture Review

The security of your systems' network infrastructure and architecture is the foundation on which all your security is based. Therefore, each network device must be well secured, and the architecture properly designed. Many risks can be mitigated simply by implementing a secure-by-design architecture.

ComplyWave experts can help by performing detailed analyses of your current network architecture to identify all vulnerabilities, using a comprehensive approach to ensure that malicious intruders do not gain access to your critical assets.

During this review, the ComplyWave team will assess the security architecture of your company's infrastructure. ComplyWave experts will evaluate the current design structure of the various security control mechanisms in place to determine their effectiveness and alignment with your company's security goals. Our process takes a careful look at strengths and weaknesses in your IT technical security architecture.

Security Configuration Review

These on-premises and cloud components will be examined by ComplyWave:

  • Key design assumptions
  • Technology Inventory
  • Network Topology
  • Network Access Control Lists
  • Host Access Control Lists
  • Authentication/Access Requirements
  • Administrative and Maintenance Channels
  • Technical and application architecture in place
  • Functional data flow (including security-control points)