Services

Our goal is to identify weaknesses in the network from external and internal point of view, as well as provide suggestions on how to mitigate potential problem. Our security vulnerability testing service can answer the following questions:

• Could a hacker access your network or your corporate critical information?
• Is your corporate network vulnerable to an attack or compromise?
• Are your internet facing systems protected from attacks?
• Could your wireless network provide a backdoor to your systems?
• Could an attacker steal financial and critical information from your servers?
• Are all your applications secured from inside and outside access?
• Are your security staff aware?

The Methodology for the VA/PT testing is based on established standards and can be summarized as below:

External black-box vulnerability assessment

Exercise in which the vendor tries to circumvent the application and the supporting components technical security controls with minimum initial knowledge (only the targeted IP or URLs to be provided as a starting point). The attacks are expected to involve both automated scans and manual testing. The exercise is defined as external which means that the vendor shell perform the test from workstations not directly connected to the customer corporate network.

Internal gray-box vulnerability assessment –

Exercise in which the vendor tries to circumvent the application and the supporting components security controls with credentials providing authenticated access to the tested system. The attacks are expected to involve both automated scans and manual testing. The exercise is defined as internal which means that the vendor shell perform the tests from workstations connected to the customer corporate network.

Please contact us to evaluate your requirements and offerings…

Consider the fact that more than 6,600 websites are getting hacked every single day. These legitimate websites are turned into distributors of malware by malicious hackers.

Based in Dubai, UAE, active 24x7x365 and staffed with qualified Engineers with the latest innovative tools to do its job.

Operating 24 hours a day, 7 days a week, the NOC is designed to monitor, identify and solve any kind of system or user issues. The NOC is fully equipped with sophisticated network management, monitoring and analysis and Cybersecurity tools. It is available to all Managed clients and its trained staff answers all their calls, questions and inquiries.

All problems are tracked in an online Trouble Ticketing System. The customer will be assigned a Trouble Ticket Number to ensure proper follow-up. The NOC monitors all servers, backbones and network devices. It looks at error, security and operations logs to get alerted to any impending issues. The NOC’s continuous monitoring services enable its engineers to identify potential issues so that they can address them before there is a problem.

The NOC ensures the continuous and efficient operation of servers and services while providing high quality support for our clients. The NOC staff troubleshoot all network and systems related problems and any user related issues. They are available 24x7x365 to address any issue that may arise.

Please contact us to assess you website now…

We directly assesses source code and gives developers accurate vulnerability data, enabling them to assess and fix code continuously throughout the software development lifecycle (SDLC) includes verification of all vulnerabilities by our Research Center.

We have a designed solution from the ground up to address the unique characteristics of SAST. Source code assessment permits the discovery of vulnerabilities that are harder to detect in production, and by doing assessments in the development phase, vulnerabilities may be remediated earlier.

Advantages:

Preservation of Intellectual Property: No need for source code, the foundation of any business, to leave the premises.

As a SaaS based service, it enables continuous update of attack vectors via Rule Packs that identify and verify vulnerabilities – this ensures that developers stay up-to-date on the latest attacks.

Easy to set up and use: No need for in-house training or security expertise.

Vulnerabilities Assessed by our experts

Delivered through a SaaS model, Contego identifies and custom tests each Web application to identify the most common vulnerabilities such as those in the OWASP Top 10 and WASC Threat Classification, including SQL injection and cross-site scripting (XSS).

Contact us for more details…

Phase 1: Scoping &Gap Analysis
Scoping a compliance project is very critical and a key fundamental part of any compliance project. Contego Solutions will work with clients to identify all relevant business processes which would be part of the compliance strategy. After the scoping, our specialized consultants will conduct a full assessment of existing security processes and an IT network architecture review. A Risk Assessment will also be conducted to evaluate the security risk of existing business processes.

Phase 2: Risk Assessment Key Findings &Roadmap Report
A roadmap highlighting key findings discovered in phase 1 including assigned risk level (High, Medium, Low) and remediation plan of action to attain compliance with PCI DSS & ISO 27001/27002 which will be presented in a detailed report to the client.

Phase 3: Implementation and Remediation Phase
Project Management of remediation activities based on the PCI DSS, ISO 27001/27002 and other security compliance programs. Contego Solutions will assist the client in project managing the implementation roadmap and will make any technical recommendations to close any gaps mentioned in the report and to recommend solutions to ensure that proper security controls are put in place in compliance with the PCI DSS Compliance and the ISO 27001/27002 standard.

Please contact us for more details.