BugSec provides a broad range of services in the field of information security. The core of the company's services includes the performance of advanced tests, implementing a unique methodology that its specialists have developed.
Above and beyond its proven, proprietary methodology, BugSec maintains a high level of professionalism by carefully selecting its team of specialists, seeking experts who are knowledgeable and experienced; highly reliable, motivated and dedicated; individuals who are also independent, creative thinkers and maintain a high level of confidentiality with respect to their work and the information that becomes available to them during the course of their work about the company's clients.
BugSec's core activities involve the performance of:
Additionally, the company performs other information security tests that are essential to the proper and effective management of information systems.
Risk Assessments
The main purpose of risk assessments is to arrive at a realistic evaluation of the risks faced by the organization's information systems. The evaluation is based on findings collected by BugSec following an in-depth examination of the way the organization's information systems are operated and the information they contain.
The risks may involve:
· Deficient management of a password policy;
· Deficient management of a data sharing policy;
· Insufficient network control;
· Insufficient or ineffective rules defined in firewalls;
· Data leakage;
· Procedures governing the receipt of information by the organization's staff from external sources;
· Authorizations;
· Recovery procedures to be implemented after a disaster or system collapse;
and more.
Penetration Tests
The purpose of penetration tests is to supply an up-to-date perspective on the ability of systems to withstand attacks originating from various sources, attacks that aim to catch the organization unprepared or, even worse, unaware of the exposure of its information to hostile elements (attackers, spyware, worms, etc.) and of its exploitation. The tests include the simulation of attacks on the organization's network and applications, in order to prove the feasibility of penetration into the network by an external attacker.
Additional Information Security Tests
BugSec carries out tests in a variety of environments, including Linux, Windows and Unix – using various software and hardware products. These tests are based on our structured, proprietary methodology and are adapted to ensure proper time management and technique.
Once BugSec's experts complete the information security tests, a detailed report is produced, outlining the findings in order of importance and severity, to enable the client to take action and instruct its developers or the required support personnel to effectively implement the required means to rectify problems that may potentially lead to the exposure of data to unauthorized parties.
The final report includes an executive summary that explains the findings of the tests in less technical language, to enable its dissemination to a broader distribution list, if required, or to recipients as determined by the organization's management.
If necessary, or upon demand, BugSec provides a suitable response to deficiencies that are revealed during the tests and detailed in the reports, in the form of hardening and network configurations (for servers and infrastructure products available on the market), along with the rectification of security deficiencies in the application code.
Other Services
BugSec also provides the following services: