Security

Security Assessment

Spike Reply provides specific services for security assessment. The relevant activities are divided into:

  • Infrastructure Vulnerability Assessment and Penetration Test
  • Application Vulnerability Assessment and Penetration Test

The method used by Spike Reply for Security Assessment activities complies with the Open Source Security Testing Methodology standard (www.osstmm.org) developed by ISECOM (Institute for Security and Open Technology, www.isecom.com).

The Infrastructure Vulnerability Assessment and Penetration Test is aimed at:

  • Checking that the information about the Customer’s network visible from the Internet is reduced to what is strictly required
  • Checking that it is not possible to obtain unauthorized access to the Customer’s network through infrastructure-level vulnerabilities
  • Defining a detailed countermeasure plan to eliminate the vulnerabilities

Penetration Tests on Wireless Networks require particular treatment. In those cases, the encryption systems in use and the possibility of reaching those networks from public access zones must also be considered.

The infrastructure is an important component of the company's perimeter security; however, the ever-increasing use of Web-based applications strongly increases the risk level by offering a possible point of access to the company IT system.

Web applications are often not designed and developed according to a methodological approach to security (Secure Application Building) and therefore introduce vulnerabilities that can be used for attacks at the application level.

In this context, Spike Reply, applying advanced methodologies (e.g. OWASP), carries out Application Vulnerability Assessment and Penetration Test activities with the aim of checking the security level of company applications and defining a detailed countermeasure plan to minimize the vulnerabilities.