Allocation of resources to the performance of information security tests is essential for the proper, effective management of information systems.
BugSec's core services include conducting advanced tests within two main frameworks:
Performance of risk assessments, which include an in-depth study of the way information systems are operated and managed in the organization, as well as of the information they contain.
Penetration tests, which include the simulation of attacks on the organizational network and applications, aimed at determining the feasibility of penetration into the organization's network by an external attacker.
The main purpose of risk assessments is a realistic evaluation, based on findings collected by BugSec's experts, of all the vulnerabilities and threats existing in the organization's information systems, such as management of a password policy; management of a data sharing policy; network control; rules defined in firewalls; data leakage tests; procedures governing the receipt of information by the organization's employees from external sources; authorizations; recovery procedures following a disaster or system collapse; and more.
The purpose of the penetration tests is to provide an up-to-date evaluation of the ability of the organization's applications and infrastructure to withstand attacks that may originate from a variety of sources, and find it unprepared; or, even worse – unaware of the fact that its data has become exposed to a hostile element (attackers, spyware, worms, etc.) and is being exploited.
BugSec conducts tests in a variety of environments, including Linux, Windows and Unix, as well as in various software and hardware products – implementing a unique, proprietary methodology that it has developed and adapted specifically to ensure optimal time and technique management. Moreover, BugSec preserves a high level of testing by carefully selecting its employees, seeking individuals with an outstanding professional level; independent, creative thinkers who are also committed to extreme thoroughness – in order to ensure that our clients are continuously provided with the superior quality of service they have become accustomed to expect from us.
Once the information security tests are completed by BugSec's experts, a report is prepared, in which the findings are presented in detail by order of importance and severity. The final report includes an executive summary that presents the findings in clear language that is also easily understood by persons in non-technical positions, and is therefore suitable for dissemination among key personnel and decision makers within the organization. The client may thus take the appropriate action to remedy the deficiencies either by developing solutions in-house, or by contracting suitable support personnel.
If necessary, or upon demand, BugSec supplies a response to deficiencies revealed during the course of the tests, by implementing hardening and network configuration solutions (to servers and infrastructure products existing on the market), as well as by repairing security deficiencies in the application code. Additionally, BugSec supplies integration and outsourcing services; conducts lectures on a variety of topics in the area of information security; provides training and support services to developers at the application, code and network levels; and performs hardening of servers and configurations.