
Information Security Testing and Assessment

The Internet has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. However, it has also brought new levels of security concerns. It exposes valuable corporate information, mission-critical business applications and consumers' private information to more risk than before. But the security of your IT infrastructure is something that you cannot afford to compromise. In the area of IT security, STQC's experience spans technology, process and people.

Our Services:

Vulnerability Assessment

Methodology: This is a security audit; privileged access and administrator assistance are required for the configuration audit. It is performed directly on the system with physical and logical access. System configuration checking and vulnerability scanning are performed to find weaknesses, vulnerabilities and misconfigurations in the target hosts.

Deliverable: A detailed report of the discovered vulnerabilities, weaknesses and misconfigurations, with associated risk levels and recommended actions for risk mitigation, will be submitted.

System Performance Monitoring

Today’s business systems have changed dramatically with the advent of multi-tier architecture. Organizations need to support 3 or more tiers involving network infrastructure, web servers, application servers, databases, ERM systems, CRM systems, access servers etc. Troubleshooting such complex systems and finding the root causes of their performance problems is not easy.

STQC has launched new services to help organizations resolve those performance problems. STQC has acquired state-of-the-art tools to monitor and analyze network traffic.

The aim is to pinpoint which tier is causing problems by introducing unacceptable latencies for the end users. Isolating the fault to the application, system or network further speeds resolution and minimizes finger-pointing among support groups and vendors.

Standards IT Services

The standards widely used by organizations all over the world are:

ISO/IEC 27002:2005 (Guidance Standard) is the standard code of practice and can be regarded as a comprehensive catalogue of good security practices. It describes 11 security domains containing 39 security control objectives and 133 security controls, which are either essential requirements or considered to be fundamental building blocks for information security.

ISO/IEC 27001:2005 (Certification Standard) is the specification document against which an organization is measured for compliance and subsequent certification. ISO/IEC 27001:2005 tells you how to apply ISO/IEC 17799 and how to design, implement and operate, monitor and review, and maintain and improve an ISMS. This standard can be used by internal and external parties, including certification bodies, to assess an organization's ability to meet its own requirements as well as any customer or regulatory demands. ISO/IEC 27001:2005 is based on the "Plan-Do-Check-Act" approach and is aligned with ISO 9001:2000 and ISO 14001:1996 in order to support consistent and integrated implementation and operation with related management system standards.

IS 15150 is the Indian national certification standard equivalent to ISO/IEC 27001:2005.

Penetration Testing

Methodology: Penetration Testing (PT) is normally done remotely from the public domain (Internet) and can also be done from the internal network to find vulnerabilities that are exploitable from the internal network. No privileged access is required. A series of tests is conducted, such as information gathering from the public domain, port scanning, system fingerprinting, service probing, vulnerability scanning, manual testing, password cracking etc., using state-of-the-art tools (commercial and open source) and techniques used by hackers, with the objective of unearthing vulnerabilities and weaknesses of the IT infrastructure.

Deliverable: A detailed report of the discovered vulnerabilities, weaknesses and misconfigurations, with associated risk levels and recommended actions for risk mitigation, will be submitted. Additionally, a demonstration of penetration (if possible) as a Proof of Concept (only to prove possibility and not to cause real damage) may be given.

eSecurity Assessments

The Internet has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. However, it has also brought new levels of security concerns. It exposes valuable corporate information, mission-critical business applications and consumers' private information to more risk than before. But the security of your IT infrastructure is something that you cannot afford to compromise. Our centre at Kolkata is equipped with the necessary tools and qualified trained devices and secure your IT infrastructure.

Application Security Assessment

Methodology: Different software testing techniques are employed to unearth application security vulnerabilities, weaknesses and concerns related to Authentication, Authorization, Session Management, Input/Output Validation, Processing Errors, Information Leakage, Denial of Service etc. Typical issues which may be discovered in an application security audit include cross-site scripting, broken ACLs/weak passwords, weak session management, buffer overflows, forceful browsing, CGI-BIN manipulation, form/hidden field manipulation, command injection, insecure use of cryptography, cookie poisoning, SQL injection, server misconfigurations, well-known platform vulnerabilities, errors triggering sensitive information leaks etc. For web applications, the OWASP (Open Web Application Security Project) guidelines are used for the assessment. All assessments are carried out using both state-of-the-art tools and manual testing methods.

Deliverable: A detailed report of the discovered vulnerabilities, weaknesses and misconfigurations, with associated risk levels and recommended actions for risk mitigation, will be submitted.

Why Choose STQC for Security Testing and Assessment?

  • Dedicated IT Security Testing laboratory at Kolkata to serve the need of sensitive critical infrastructure of organizations
  • Facilitated IT Security training laboratory at Kolkata
  • Highly qualified and experienced IT Security experts positioned at different locations like New Delhi, Hyderabad, Chennai, Bangalore

Information Security Testing and Assessment facilities are available at the following centres:

  • IT Centre Kolkata