Cyber Security Testing

RoGiViC can offer different angles and perspectives in conducting cyber security assessments, penetration testing and any other security assurance activities.

Overview

How We Do It

External Perspective

From an external perspective, there are several security assessments RCSA conducts to improve the posture of the Client’s externally facing services. These services include but are not limited to:

  • External Network Security Assessment
  • External Asset Mapping (Footprinting exercise)
  • Vulnerability Scanning
  • Web Application Security Assessment
  • Mobile Application Security Assessment
  • Red Team Engagements
  • Social Engineering Audit

External Network Security Assessment

The goal of this assessment will be to gauge the effectiveness of the implemented security measures of the deployments, and to determine whether the internet-facing infrastructure exposes Client or their clients to any security risk. Thus, the focus of this assessment will be to identify vulnerabilities that could potentially enable an attacker to compromise these hosts, and thereby gain access to the backend systems or data warehouse.

External Goal Oriented Security Assessment

The assessment will determine whether potential vulnerabilities on Client’s external infrastructure could be leveraged by an external attacker to breach the perimeter and obtain a foothold on the internal network. The aim of the assessment is to provide Client with the assurance that their perimeter security controls, and the awareness of Client’s employees, do in fact limit its attack surface. However, if a breach is achieved, an attack phase will be executed to provide further insight into the security posture of Client’s internal environment, with a specific focus on pursuing a critical asset as agreed with the Client team. The report of this assessment will be shared with a regulator to demonstrate Client’s proactive investment in assessing and advancing the security posture of the organization.

External Asset Mapping (Footprinting)
  • Footprinting, or External Asset Mapping (EAM), is part of reconnaissance. It attempts to gather the external ‘footprint’ of a client, primarily in the form of IP addresses, domains and subdomains, and certificate information. The purpose of footprinting is either to give the client an overview of their externally exposed infrastructure, or to use this information for other assessments, e.g. TAS, external assessment, managed scanning.
  • Big organizations are not usually aware of their entire externally exposed infrastructure. Providing them with a better understanding of their external footprint would allow them to detect risks and prevent a breach of the internal network.

Vulnerability Scanning
  • The overall goal of this service is to provide Client with an overview of the vulnerabilities that exist on their internet-facing infrastructure, which represents the attack surface available to external malicious threat actors. All activities will be performed from an unauthenticated internet user’s perspective.
  • In addition, RoGiViC will provide quarterly feedback sessions to assist and prioritize remediation efforts. These feedback sessions will also involve a historical overview and an update on recurring issues, while highlighting any trends that can be seen from the evidence.
  • Footprinting: In addition to the Client-provided IP ranges, a biannual footprinting exercise will be conducted to identify the organization’s internet-facing infrastructure not contained within Client’s publicly owned ranges. This could include web applications hosted in the cloud, email infrastructure, network management infrastructure, and other external infrastructure. The hosts identified from the footprinting exercise that are validated by Client as belonging to Client will be included in the infrastructure and web application components discussed above.

Web Application Assessments
  • A security assessment of a web application consists of searching for design flaws, vulnerabilities and inherent weaknesses. Web security assessments combine exploratory security testing with the use of security tools to discover erroneous and unspecified functionality, as well as programming and configuration mistakes. Compliance with regulatory requirements and best practices will be assessed. For any findings, mitigation strategies and/or compensating controls will be suggested.

Mobile Application Assessment
  • A mobile application security assessment of an application and the associated backend API consists of searching for design flaws, vulnerabilities and inherent weaknesses. Mobile security assessments combine exploratory security testing with the use of security tools to discover erroneous and unspecified functionality, as well as programming and configuration mistakes. Compliance with regulatory requirements and best practices will be assessed. For any findings, mitigation strategies and/or compensating controls will be suggested.

Social Engineering
  • Social engineering is a major aspect of many real-world cyberattacks. From highly targeted spear-phishing engagements to vishing support calls, hackers use a range of attacks aimed at employees to gain unauthorized access.
  • By nature, social engineering is a covert operation that requires an element of stealth in order to achieve favorable results. RoGiViC will leverage OSINT to target specific users to replicate the actions of a threat actor as closely as possible. During the information gathering phase, sources such as social media and job postings will be used to deliver crafted payloads to specific user groups.
  • Phishing has been the starting point of many data breaches. Less technically savvy staff are usually targeted by attackers in order to gain a foothold in the environment. Attackers also target the most technical users, who may have access and privileges that would allow an attacker to move laterally through the network in order to achieve their goals. RoGiViC’s phishing campaign will seek to address these issues by targeting a subset of staff at all levels through all entities. The resulting data may offer insight into which areas within the Client need to strengthen their security processes.

Red Team Engagement
  • A Red Team Engagement is a highly targeted assessment that aims to compromise critical data assets in the network, leveraging the vast scope an external attacker would have. Unlike a traditional penetration test, in which our security engineers attempt to find and exploit any possible vulnerabilities in a defined scope — such as a web application — these engagements simulate a genuine cyber-attack on an organization.
  • Red team testing is somewhat intrusive by nature, as it involves breaking into companies, albeit at their request, to help them improve their security. This is done under a strict code of ethics and in accordance with the laws of the land (country).

Attack Path Mapping

  • Attack Path Mapping is a collaborative, time-efficient white-box exercise that looks at an environment holistically, differing considerably from a narrowly-scoped penetration test. APMs focus on enumerating the likely paths an attacker could use to achieve a particular objective including leveraging vulnerabilities, accessing systems or simply obtaining and abusing legitimate access; whichever route an attacker would take in real life.
  • APM’s collaborative nature involves interviews and workshops with key stakeholders to obtain an accurate view of business risk and to identify theoretical attack paths. RoGiViC then conducts focused technical testing to validate and prioritise these paths and discover further paths. This exercise will also identify and document the extant controls which decrease the likelihood of an objective being achieved, and/or increase the likelihood of attacks being detected.
  • An APM exercise enables a more exhaustive security assessment that identifies more effective and targeted remediation activities, ensuring that follow-on activities produce the highest impact return-on-investment in terms of security resilience and capability improvement. For example, attack paths which converge can be targeted by focusing on building detective controls, or addressing security exposures, at intersecting points. This will enable Client to plan efficient security improvement activities whilst demonstrating the value and impact of the APM, and any follow-on activities, in relation to the maps produced.