about-banner
service-detail-banner

SECURITY ASSESSMENT & PENETRATIONS TESTING

Ahead in Prevention, Expanding in Services’ Scope 

Clients need to know they are sufficiently protected against an attack and will be able to resist a security breach should it arise. Conducting scheduled assessments such as penetration testing are the best tools to offer them such assurance.

The security and the integrity of your information is our top priority.

We help protect both you and your company from the possibility of unnecessary litigation, and potentially of severe financial loss resulting from a cyber-breach.

SEECRA provides the most complete and thorough set of assessment services available in this industry. We firmly believe that being proactive as opposed to reactive is a key to preventing immediate and future risks.

We offer the followinG SERVICES:
  • testing1

    White Box Or Black Box Testing

    White Box Or Black Box Testing

    A penetration test can determine whether a system is vulnerable to attack, if it’s defenses are adequate, and which cases, if any, the test defeated. Our team is able to simulate a real-life event through black or white box testing to give clients a clear view of the risks they face.

    Blind testing or Full Disclosure testing are also available.

  • testing2

    Wireless Network Penetration Testing

    Wireless Network Penetration Testing

    An insecure wireless network opens your organization to the external world and represents a security risk.

    Wireless Network Penetration Testing covers a list of activities:

    Testing the protective measures on WPA / WPA2 / WEP / WPS.

    SEECRA identifies the wireless infrastructure components that can be discovered and connected to.

    Security mechanisms enforced by use of Penetration Testing Execution Standard (PTES) and Open Source Security Testing Methodology (OPSSTM).

  • testing3

    Web Application Penetration Testing

    Web Application Penetration Testing

    This is a process of an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities.

    Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution. SEECRA provides a comprehensive framework for assessing the security of web-based applications, as a foundation for our web application assessment methodology.

  • testing4

    Mobile Application Penetration Testing

    Mobile Application Penetration Testing

    SEECRA’s services can protect you from the latest mobile application security threats. They have been specifically designed to identify configuration and deployment flaws associated with integrating application solutions into a corporate environment and provide detailed remediation advice.

    We use proven methodology to identify security flaws unique to your application technology. We assess the architecture and configuration of the mobile hosting environment, evaluate both.

  • testing5

    Social Engineering Penetration Testing

    Social Engineering Penetrations Testing

    SEECRA’s also employs the use of a Social Engineering Penetration Test, designed to mimic attacks that malicious social engineers will use to breach your company.

    We employ a number of techniques to include all methods of phone, Internet-based, and onsite engagements. Service consists of a full report of findings and mitigation recommendations which will be confidentially debriefed to your executive staff and security team.

Interested in learning more?

GET IN TOUCH! go
service-detail-banner

erp system

Penetration tests are designed to reveal system breaches that attackers rely on to get access to business-critical data or even use it for espionage, fraud or to sabotage your business operations.

Seecra penetration testers have rich experience in SAP and enterprise business application security. And you can completely trust their judgement.

SAP Security testing is intended to help your organization, you’re welcome to hire a 3rd party experts to provide another opinion. The benefits of this service are significant provided that you adopt all recommended measures.

  • We will identity the most critical vulnerabilities with blackbox scan;
  • We will detect all systems vulnerabilities and exploit them.
  • We will gain access to connected systems via RFC links and other trusted connections;
  • We will decrypt user passwords and test them on other systems
  • We will post-exploit and gather information to break connected systems;
  • We will gain access to business-critical data and provide you with proof of concept.
  • List of Vulnerabilities and Misconfigurations found;
  • Real attack vectors describing how your systems can be exploited;
  • Business Risks related to the exploitation of those vulnerabilities;
  • Detailed recommendations for Vulnerability Patching;
  • Security Guidelines for General System Configuration.

We pride ourselves in delivering unmatched services, conducting daily security research in SAP solutions and security assessment for SAP SE, is our core business. You can be assured you’ve picked the right company to help you with all of your SAP security issues.

Our experts have held lectures at over 60 conferences world wide. We’ve earned our success and bring the best to the table by focusing on your needs.

Interested in learning more?

GET IN TOUCH! go
service-detail-banner

Atm-Security Assessments

Did you know that ATMs are extremely vulnerable to a variety of risks?

In recent years, they have become a magnet for hackers and organized crime, as these groups and individuals come up with increasingly more sophisticated techniques to steal customers’ card information, PIN Data, introduce malware and viruses, use text messaging systems to get cash withdrawal, and many more. With a significant and growing threat, any financial institution that does protect itself, is at serious risk.

Our banking security experts have over a decade of experience developing vulnerability assessment tests that will discover any glitch in your security system and looks specifically at Trojan, Skimmer and Ploutus attacks on your software, hardware, and communication protocol.

At Seecra we also offer custom tools unique to your environment, and we can demonstrate the impact on your business if such attacks happen.

insert

While performing a security audit, we will be able to identify your most critical vulnerabilities. These are the areas that will need immediate attention and changes need to be made.

We meticulously look for the following issues:

  • Software vulnerabilities and ATM-specific network services, suchs as flaws that hackers can utilize to exit kiosk mode and obtain unauthorized access to the operating system of the ATM.
  • Security software weaknesses that allow attackers to bypass security controls
  • BIOS security weaknesses
  • Insufficient security at the ATM’s component devices (PIN pad, dispenser unit, card reader, etc.), including vulnerabilities in communications via XFS that can allow attackers unauthorized access to these devices
  • Network communication vulnerability, lack of encryption in communication between the ATM and the processing center. An attacker can create a fake processing center and use it to withdraw cash or intercept track-two data.
  • Payment card data leakage – We strictly follow all internationally recognized information security standards and regulations (Payment Card Industry Data Security Standard (PCI DSS) and PIN Transaction Standards (PCI PTS) ATM Security Guidelines, Open Source Security Testing Methodology Manual (OSSTMM), Web Application Security Consortium (WASC) Threat Classifica

SEECRA is working with major international banks to secure their networks. Our complete assessment of ATM security uses in-depth analysis methods to perform:

  • Comprehensive test of main system components
  • Check the general system information
  • Validation of data transfer protocols
  • Review of hardware and software versions and configuration
  • Inspection of network communicationss

Based on the information our experts gather in the discovery phase, security assessments will be performed that include but are not limited to the flowing:

  • Identifying vulnerabilities in communications between the ATM and processing center
  • Finding ATM vulnerabilities, including zero-day vulnerabilities in both software and hardware
  • Deploying custom exploitation tools that will verify these vulnerabilities and demonstrate the potential impact on your business operations, customer accounts, and customer data

In order to carry out analysis, we require access to:

  • An ATM cabinet in your test environment that is connected to your processing center
  • The ATM’s system unit and sample credentials for all ATM user roles
  • Access to virtual machines, ISO images of the OS, and/or copies of the software installed on all ATMs

While some assessments can be conducted remotely via VPN, it might be necessary to return to your test environment to verify and demonstrate the vulnerabilities we find.

Interested in learning more?

GET IN TOUCH! go
service-detail-banner

ICS/SCADA -Security Assessments

SEECRA ICS experts posses comprehensive experience working with different industries, such as oil refineries, banks, utility providers, transportation systems, and many more.

Our custom-fit approach will cater to your specific processes and operational technologies. Security research is our top priority. Our team of experts already discovered more than 200 zero-day vulnerabilities in leading ICS and SCADA systems through our detailed investigations.

SEECRA offers a full range of ICS-specific security services, including:

The assessment begins with performing an internal penetration testing to determine the potential vulnerabilities in an ICS environment, systems and components.

Here is a list of steps we take:

  • Evaluating the resilience of your network security, and identifying weaknesses that can allow attackers access to your LAN
  • Analysis of your network traffic to identify if attackers can access sensitive information
  • Identification of all types of devices, operating systems, and applications included in the LAN segment
  • Detecting weak network services
  • Access control weaknesses evaluation, poorly protected storage servers with confidential information, or weak firewall configuration
  • Password Policy analysis, inspection of the network traffic for information derived from a password (NTLM, MD5 hash, etc.). Generating a passive list of passwords tested against your ICS components along with a dictionary of common passwords
  • Network infrastructure security levels testing
  • Evaluation of the most critical vulnerabilities found, and the possibility of attackers to get access to the network beyond the test segment, or to critical ICS components, SCADA and controllers

Our experts perform a combination of tests, visual inspections, interviews with key personnel, and verification of configuration settings for all ICS components, to determine systems’ security and vulnerabilities.

SEECRA specialists will provide also:

  • Network architecture analysis to check specifically for proper network segmentation (separation between controllers, servers, and workstations)
  • Procedures for applying updates
  • Anti-virus protection evaluation
  • Workstation accounts and administrator privileges, security levels assessment
  • Firewall rules efficiency
  • Password policies review
  • Automatic job blocking test
  • Management interfaces to your PLC, switches, and routers review
  • Engineering workstations and servers separation placement
  • Communication ports security test (operator workstation, servers, and engineering stations)
  • Windows shell access verification on operator workstations
  • Backup network test (switches, routers, firewalls), controllers, and critical servers
  • Undeclared protocols check in control segments
  • Security cabinet and telecoms equipment test
  • ICS accessibility verfication
  • ICS interaction with external systems test
  • Connectivity to the Internet for all ICS components
  • Industrial-grade equipment: routers, switches, firewalls, converters, media, usage check.

Unfortunately when an actual attack happens, it’s due to an exploitation of a combination of vulnerabilities in key system components. Our experts can demonstrate to you how easily data is obtained, through access to control of key ICS components, and also work on designing an overall plan to minimize weaknesses and fortify your protection.

Interested in learning more?

GET IN TOUCH! go
service-detail-banner

ERP Security Scanner Suite for SAP

SAP security is comprised of 3 main areas – Vulnerability Management, Source Code Security and Segregation of Duties.
Effective management of the three areas requires high tech unique expertise that few providers offer.
SAP systems and business-critical applications store the most critical corporate data that can at some point be used for espionage, sabotage or fraud purposes.
It is crucial that you utilize the best SAP Security system.

Our award-winning software covers the main security threats:

  • Enables necessary identification
  • Performs analysis
  • Fixes common security issues
  • Protects against cyber attacks and internal fraud
  • The only one certified by SAP SE
  • Offers source code security for ABAP and JAVA programs, as well as Segregation of Duties.
  • It’s designed to monitor non-stop changes that happen in multiple SAP systems
  • It’s equiped with smart dashboards
  • Capable of high-level trend analysis, security data correlation, and more.
  • It generates reports in multiple formats and easily integrates with IT GRC, ITSM and SIEM solutions.
  • It supports all SAP platforms (ABAP, JAVA, HANA, BOBJ, Mobile) and modules (ERP, CRM, SRM, BI, HCM, industry solutions).

Some of the biggest organizations from diverse industries like Banking, Retail, Oil & Gas, Construction, are successfully deploying ERP Security Scanner.

The benefits of ERP Security Scanner Suite are:

Say goodbye to manual analysis. We got all your SAP Security aspects covered.

At completion, we issue a report containing:

  • Reduce the impact of fraudulent actions by insiders or third party developers and prevent cyber-criminal activity
  • Comply with regulations and guidelines as SOX, NERC CIP, PCI-DSS, ISACA, DSAG, SAP Security guides.
  • Save up to 80 % time and resources by automatically identifying 10 000+ misconfigurations and vulnerabilities across all types of SAP Platforms (ABAP, JAVA, HANA, BOBJ, Mobile) and Industry solutions;
  • Regular automatic checks following the Big Four auditing recommendations by ERPScanner to keep you audit ready.
  • Perform Advanced Risk Correlation and Trend Analysis;
  • Visualize potential attacks on SAP systems and associated risks on global scale;
  • Generate corrections automatically such as virtual patches and integrate them with IDS, SIEM and ITSM systems.

Great features. And a whole list of benefits:

  • Identification of security issues including vulnerabilities, misconfigurations, and SOD violations.
  • Effective solutions to all security issues
  • Award-winning solution to address the SAP and Oracle security protection in 360°.
  • Enterprise-suited with continuous management of vast structures.
  • Meticulous database approach of 10 000+ security checks.
  • – Industry-specific. Specific checks for industry solutions such as Oil and Gas, Retail, Banking, etc.
  • Cloud and SAAS support. Can be implemented as a virtual appliance, in cloud or as SAAS.
  • Doesn’t require any agents or modification.

ERP Security Scanner Oracle People Soft

The #1 VULNERABILITY MANAGEMENT SOLUTION FOR ORACLE PEOPLESOFT

Oracle PeopleSoft software perfectly combines a chain management, human resources, supplier relationship management, and much more.

Installed by 6000+ customers (57 % of Fortune 100 list), it serves 20 million employees worldwide. It provides attackers with an opportunity to steal the personal data of more than 20 million people. Simple Google search strings can find about 500 Internet-enabled PeopleSoft applications. Shodan requests will show much more.

Multiple vulnerabilities have been found in the system including allowing third parties to get full access of the system and obtain critical HR or supplier data, social security numbers, even credit card data.

Steal data, or cause denial of service or modify financial information such as bank account numbers, are among the common threats.

The extreme complexity and customization of Oracle’s PeopleSoft applications and the key business data stored, makes them vulnerable to many attacks.

There were no effective solutions on the market to address all vulnerabilities in Oracle PeopleSoft applications until now.

Meet ERPScanner add-on for PeopleSoft – the industry’s first complete vulnerability management tool!

Your PEOPLESOFT SECURITY Guaranteed –

We are introducing a new add-on to our flagship product ERPScanner Security Monitoring Suite, an award-winning solution with 360° protection against cyber-attacks and internal fraud.

Easy to implement, able to perform gap analysis within one minute, powerful, customizable, and equipped with a plethora of advanced settings.

Specifically designed for enterprise systems to continuously monitor the state of security in multiple SAP and Oracle business applications. It makes identifying threats an easy process, helps management with smart dashboards, is capable of high-level trend analysis, risk management, and task delegation. It allows report generation in multiple formats and easily integrates with IT GRC and SIEM solutions.

Requires Minimal time and effort for all your central management of business applications’ security.

The current add-on supports security checks for Oracle PeopleSoft application stack including Oracle WebLogic and Oracle Database.

  • The only solution on the market to address Oracle PeopleSoft security checks.
  • Extremely fast scans in less than 5 min save your time
  • Cloud and SaaS support. Implement ERPScan as a virtual appliance or run it as a service
  • Continuous monitoring of vast landscapes (quickly implemented, easy to use, scalable)
  • Largest database of Oracle PeopleSoft issues including 0-days
  • Does not require any agents or modification of Oracle PeopleSoft
  • Managing risk – modify, accept, or prioritize risks and export them into GRC solutions.
  • Managing tasks – assign tasks or export them to GRC and ITSM solutions.
  • User management – add new users, assign roles and access rights to assets.
  • Managing projects – schedule multiple projects against different systems using different templates.
  • Notifications – keeps you notified when changes are made.
  • Template management – create your own scan templates that fit your policies, or use a predefined one.
  • Generate reports in multiple formats or export results to GRC or SIEM solutions.
  • High-level statistics and trend analysis – 30+ CISO dashboards provided to analyze trends.
  • PeopleSoft vulnerability assessment
  • PeopleSoft configuration
  • PeopleSoft anonymous web services
  • PeopleSoft 0-day vulnerability checks and exploits
  • PeopleSoft access control
  • Oracle database security checks….

Interested in learning more?

GET IN TOUCH! go

contact us

contact
Today
to Get Your Free
Consulting Advice
ORDER NOW FREE

World Class Technology
COMBINED WITH EXCEPTIONAL SERVICES