Home - Cyberity Penetration Testing Company

Security solutions delivered with innovation,
integrity and unparalleled service.

Securing customers by sharing knowledge - not hoarding it.

Our culture is our competitive advantage.
Security solutions delivered with innovation,
integrity and unparalleled service.

Securing customers by sharing knowledge - not hoarding it.

Our culture is our competitive advantage.

SERVICES

What We Offer?

At Cyberity we specialise in cyber security, providing our customers with information security services. We provide organisations, ASX-listed companies and government clients in the Asia Pacific region with services consisting of the most sophisticated cyber security solutions in the market, underpinned by world leading technology. Cyberity offers tailor-made engagement models to deliver our bespoke portfolio of governance, risk, compliance and security services which are designed to maximise value to your business.

Security Assessment & Pen Testing

Cyberity provides you with reassurance and facilitates regulatory compliance by delivering a comprehensive list of vulnerability assessment and penetration testing services. Regular assessment of your system’s vulnerabilities and testing of its security controls will reveal how vulnerable your infrastructure is from an attacker’s perspective. Depending on your organisation’s requirements, these services can be customised for specific scenarios, such as API and web applications, hosted infrastructure, internal LANs, and any other specific environment in which uptime is critical or where a compromise could place sensitive data at risk.
Download brochure for more information

Service Level and Maintenance Agreements

No matter the size or scope of your network, Cyberity is ready to help you extract real value from it. A professional evaluation conducted by our security consultants will help you understand how Cyberity can help raise your IT security parameters to the level they should be operating at – with constant respect for your budget. Once an understanding of your requirements and budget has been reached, several pre-defined packages are available to you; featuring dedicated amounts of on-site, remote and emergency visits, and reporting. All our reports are individually customised to your needs and are essential tools for auditors and decision makers alike. And if one of our defined packages doesn’t fit your needs, we’ll work together with you until you are happy that you are achieving maximum benefit and cost-effectiveness.

Solution Management

Many organisations are not able to justify the expense of a dedicated IT security engineer, often resulting in unnecessary IT burdens being placed on unqualified staff members. Ultimately this approach exposes your company to vulnerabilities at several levels – including IT security. Cyberity provides professional advice and management of network firewalls, content filters, and other security solutions. Whether your organisation simply requires a once-off advisory consultation, the initial configuration of a new or existing security solution, or regular maintenance and reporting, Cyberity ensures that your IT security environment is operating at maximum efficiency.

Network security

Network is an easy entry point for attackers. The first thing we do is to secure the server network by blocking all unwanted ports from being accessed from external network. We design network systems by segregating confidential data from the public network. By adjusting the network settings, we harden it against major attacks such as SYN flood, DDOS attack, etc. We monitor the network traffic regularly and block attacking IPs and port scanning attempts. With the help of firewalls and other tools, we prevent direct access to back-end servers. Other security tasks we perform include blocking spoofed and malformed connections, rate limiting ping packets, blocking blacklisted IPs, and so on, to avoid attacks.

In-depth server hardening

Here, we cover everything from user account protection to file system security. We secure user accounts with strong passwords that expire periodically and by enforcing secure user access policies. By configuring SSL/TLS in all server services, we protect the user data and credentials being sniffed out by hackers. Using secure authentication systems like Kerberos is another way we foil sniffing attacks. Other security tips include IP restriction for administrator access, using 2 factor authentication, locking account after multiple login failures and exercising other security practices. The file system is further secured by controlling the access privilege of each user, restricting privilege execution of scripts and blocking malware execution in vulnerable directories such as /tmp. System binaries are protected against unauthorised modifications that can lead to system infection. We also protect your operating system boot image against all malware infection.

Web server security

Web server is the most exposed service in any server. This makes it vulnerable to a wide range of attacks that can affect the web applications and related databases. We configure Web Application Firewalls (WAFs) and malware scanners to block such attacks. All known attack patterns are blocked and signature databases are used to block all the common attacks. With customised security rules such as mod-security, we restrict web operations to only the required ones. All processes and uploads are scanned in real-time to detect and block any malicious ones. Securing the web server configuration is done to protect it, by preventing information disclosure, limiting privileges of web user, disabling obsolete and insecure modules, etc. Limiting per-user resource allowance helps to prevent a single user abusing the whole web server. We also restrict user permissions to prevent one user from seeing another user’s data. Deleting malicious files, enabling DDoS protection, enforcing SSL encryption for connections, using server hardening patches, etc. are some major activities we do to protect the web servers. In addition, we monitor web traffic and log files for anomalies, keeping the software updated and with latest security patches. This helps us to prevent any malware from affecting these servers.

Database server hardening

Database forms a critical part of server as it stores many vital information. We tweak the database server to enable it to withstand information disclosure attacks. Restricting user privileges, securely storing databases and backups, all these play a vital role in database server security. Enforcing strong passwords and restricting connections are other critical aspects. DNS, SMTP, POP/IMAP, Remote Desktop, SSH, SSL, FTP, etc. are other critical services in the server which we secure as a part of our server security services.

CARD Testing

A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card that has embedded integrated circuits. Smart cards are made of plastic, generally polyvinyl chloride, but sometimes polyethylene-terephthalate-based polyesters, acrylonitrile butadiene styrene or polycarbonate.

Smart cards can be contact, contactless, or both. They can provide personal identification, authentication, data storage, and application processing. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations.

Smart card technology has made a major breakthrough in the everyday human systems as one of the most recent achievements of human beings. Two important categories of security (security) and companion (mobility) are the unique features of this technology.

Today, the applications of this technology are visible globally in most areas and even this trend is growing. Banks, telecommunication centers, government agencies, health centers, service centers, educational centers, amusement centers, and so on. The technology gains these benefits.

Smart Card Types:

Contact Memory Card
Contact CPU Card
Contact-less Memory Card
Dual Interface CPU Card

As you know, today all our activities are done by smart cards
And if we do not pay attention to it, it will release our sensitive information such as: (Money transfer, copying sensitive cards, etc.).

Previous tab Next tab

Penetration Testing

Our experts test your network using real-world techniques to deliver cogent strategies to make your network bulletproof.

Vulnerability Assessments

We use enterprise-grade software and advanced techniques to scan your systems and find the vulnerabilities in your network.

Web App Testing

Our AppSec team can simulate attacks on your application and review your code to ensure your application is secure.

A Penetration Test, or PenTest for short, is a service where we attack your network and computer systems using real-world tools and techniques in order to find security weaknesses. We identify specific risks to your business systems and data and provide proven mitigation strategies. You are essentially hiring hackers that you know you can trust to break into your network and show you how an attack would be perpetrated before a malicious attacker can perpetrate the same attack. Technology environments have gotten increasingly complex and it is harder than ever to watch over your entire infrastructure. Having an independent team of experts audit your security is a valuable tool that is guaranteed to uncover vulnerabilities and greatly increase your level of security.

Benefits

Simulate a Real-World Attack

See how your defenses hold up in a simulated attack by our team of certified experts. This is the best way to see where your defenses are sound and where lapses will occur in a real-world event.

Peace of Mind

It is difficult for internal IT staff and leaders to objectively look at the systems that they build and control. Our independent perspective and unique expertise will reveal the issues you are unaware of but an attacker would find.

We Work With Your IT Staff, Not Against Them

The goal of a security exercise is not to reveal deficiencies in the performance of the IT Staff, but rather to support them. IT Staff are pressured to make things easy-to-use and functional, which diametrically oppose security. Our assessment aids the IT Staff, giving them a road-map for making their networks bulletproof. Just like a CFO needs a CPA firm to audit their financials, an independent audit from a security firm like Cyberity provides valuable insight and guidance.

Penetration Test Process

Reconnaissance

The Cyberity team will gather evidence and data on the target of the attack, using both active and passive techniques, in an attempt to find accessible information that could pose a risk.

Scanning & Enumeration

Following the Reconnaissance stage, Cyberity will run a variety of information gathering tools in order to enumerate computers and devices that the team may be able to access.

Vulnerability Mapping & Penetration

Cyberity will look for vulnerabilities in enumerated computers and devices and attempt to exploit them. If successfully penetrated, the team will attempt to escalate privileges and gain further access into the network, including the points at which sensitive data can be accessed.

Detailed Final Report

Throughout the penetration test, Cyberity will document and record the exercise. Cyberity will provide a report of the penetration test which will include all vulnerabilities discovered, what data was obtained from the network, and the actions that need to be taken to ensure security issues are resolved. The report will be strictly confidential.

A Vulnerability Assessment is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system. Our team of highly-trained security experts use enterprise-grade software to scan your computer systems for vulnerabilities. We couple this with our own expertise and manual techniques in order to provide a comprehensive view of your current vulnerabilities and the actions needed to correct them. A Vulnerability Assessment is a simpler exercise than a Penetration Test. It does not actually simulate an attack or attempt to exploit vulnerabilities found. It notes all vulnerabilities and security issues detected and the results are delivered in a final report.

Have your network scanned for issues

We will identify vulnerabilities in your network that could potentially open you up to harm from a malicious attack. A comprehensive Assessment Report is delivered outlining our findings and recommending solutions to resolve issues that are found.

Advanced software mixed with real-world expertise

We use enterprise-grade security software to scan you network, in conjunction with our own advanced expertise and manual techniques that ensure a complete view of your network and its vulnerabilities.

Functionality and usability are often the primary concerns in development, leaving security as an afterthought. Web App Penetration Tests are the most effective technique for identifying security flaws. We review your entire application, including the front-end, back-end, and underlying hosting architecture to ensure your applications and databases are secure.

Application Security

Our AppSec experts will review your software from both an outside perspective, revealing any unintended information or vulnerabilities exposed to the public, as well from the backend, combing through your code and system architecture to find potential weaknesses. Our services include Manual Inspection and Review, Threat Modeling, Penetration Testing, Code Review, and Infrastructure Review. The end goal is to find potential vulnerabilities and recommend architecture improvements to maximize security and performance.

Source Code Review

Using both manual and automated techniques, and working inside our OWASP framework, we primarily look for potential vulnerabilities, security functions performed on the client side, flawed business logic, client-side access control, cryptographic functions, and any comments or details left by the developers. We look through all code, any included JavaScript, framework-specific generated code, third-party plugins, and any other dynamically generated DOM/HTML. Our Final Report gives a complete view of the security stance and lists fixes for all issues found.

Manual Testing Approach

Unlike many web app pen test providers, we do not simply run a piece of software against your application and see what the program spits out. Our AppSec team uses hands-on manual techniques to safely and securely take a deep dive and ensure a proper review from top to bottom. In addition to ensuring that we provide the most thorough and accurate assessment possible, our methods virtually eliminates the risk of an unintended DoS attack during the exercise, which is a potential risk when automated testing techniques are used.

Modeled around OWASP Methodology

Cyberity’s work approach for web-application penetration tests is modeled around the Open Web Application Security Project (OWASP) testing methodology and as such follows the current OWASP recommendations and best-practices. We built our proprietary testing methodology specifically around the OWASP testing guide as it is the definitive resource for web-application penetration tests. Using this approach allows us to be creative in our approach while staying within a secure framework.

Server Auditing

We can audit your server environment, including the overall hosting environment and the configuration of your OS and software.

Stress Testing / DoS Testing

We can test your application for expected peak traffic conditions or simulate a Denial of Service (DoS) attack and recommend improvements.

SOLUTIONS

Web and Email Content Security

Data Leakage Prevention

Advanced Threat Prevention

Identity Management and Access Governance

Firewall

Web Application Firewall

SIEM and Security Analytics

Database Security

Endpoint protection

Endpoint Detection and Response

Firewall Rule Management

Vulnerability Management

Security Orchestration

Network access control and VPN Access

Security Awareness Training

Some of our previous clients and endorsed product suites for our customers

ABOUT US

Cyberity provides small, medium and large scale enterprises with market-leading, threat-aware, identity, access and vulnerability management solutions that enable actionable intelligence and context needed to manage security risks across the enterprise. Our analytics-driven approach to security enables customers to manage access and identify vulnerabilities, in order to minimise risks and maintain continuous compliance.

How we are different?

Cyberity is different, we incorporate next generation concepts to detect threats which are missed by
traditional security technologies. These include:

01. Threat Hunting

Regular, scheduled threat hunting by experienced analyst finds anomalies missed by security technologies.

02. Beyond Security Logs

Monitoring beyond the traditional security software sources. DNS traffic, application processes and other sources are often overlooked but can provide a wealth of information.

03. Honeypots

Honeypots or deceptive technologies alert us when intruders or malware is attempting to move laterally in your network.

04. Building Intelligence

Build our own threat intelligence based on previous events seen in the MDR centre. Traditional threat feeds are also consumed and tuned for maximum effectiveness.

05. Mitigate Defense Regression

Actively mitigate against “alert fatigue” and “defense regression”, a common risk against effectively detecting breaches or security incidents.

06. Hybrid Offering

Offer a hybrid cloud/onsite model to allow clients to make use of data analytics onsite for operations and security.

07. Context Aware

We take contextual information into consideration. This is imperative in order to assign an effective risk to incidents.

08. Effective Measurement

Our monthly reports measure how effective Cyberity protects your organisation from a threat perspective, highlighting any gaps where defences should be re-focused.

Penetration Test

CONTACT

Tel: 02 8971 4548 / 0404 430 358

Email: [email protected]

Cyberity

The Cyberity head office is situated in 41 Waterloo Rd Macquarie Park, Sydney, NSW 2113, Australia

Your Name (required)

Your Email (required)

Your Message