Menu

Our cyber security offer

Reading time: 4 min

As software development processes evolve, so does the software itself. It becomes more complex and more connected. At the same time, the difficulty to ensure its security increases.

Risks continue to grow and modern companies can’t afford cyber-security system issues, which often result in big monetary and reputational losses. Especially, with the attacks being one of the most serious threats facing businesses today. Modern organisations need to employ a proactive approach towards cyber-security.

Our clients benefit by staying safe in the digital world with the help of managed security services we provide at Future Processing:

Our team is accredited by industry-leading certifications, including: CISSP, OCSP, CEH and CCNP.

Secure development lifecycle (SDL) governance

SDL is a software development process that helps a development team to build more secure software and reduce development cost through addressing security compliance requirements.

SDL – why do it?
Security is about risk management. It is a process, not a one-time event. By considering security and privacy concerns early, you can build more secure software and address security compliance requirements while reducing the need for costly changes in later stages of the project.

Our methods are compliant with industry standards like Microsoft Security Development Lifecycle, OWASP Software Assurance Maturity Model, OWASP Application Security Verification Standard.

What will you get:

  • Security and design requirements for your project
  • Coding guidelines for developers
  • Implementation of your security static analysis tools
  • Threat modelling and risk analysis for new requirements in your project
  • Security fundamentals training for development teams
  • Ongoing verification and consulting throughout the development process

 

Future Processing - cyber security offer

Web application security assessment

A Web Application Security Assessment will help minimise the risk of data breaches which can be devastating to your business, both financially and in terms of company image.
Your web applications and servers will be examined to find security weaknesses and vulnerabilities that would give hackers an opportunity to damage or steal data processed in your system.

What will you get:

A report containing the following:

  • Test results showing found issues, with clear reproduction steps
  • An analysis of technical and business impact of uncovered vulnerabilities
  • Actionable recommendations for fixes and issue mitigation

More than just OWASP TOP 10

Beyond testing for OWASP Top 10 security risks, we go deeper to make sure that the application is safe not only from external attacks, but also from malicious actions, such as accessing or stealing personal data by legitimate users who might exploit the elevation of privilege vulnerabilities in the system.

Penetration testing

Penetration testing, also known as pen testing, or pen-test, is a security analysis of a software system performed by skilled security professionals simulating the actions of an unauthorised user or a hacker.

The Penetration Testing service can uncover potential vulnerabilities resulting from specification flaws, coding errors, system configuration problems, or other operational deployment issues.

What will you get:

A report containing the following:

  • Test results, including all discovered vulnerabilities, technical details, business impact and evidence (log of pentester’s activities)
  • Intelligence covering publicly available information relating to your company
  • Recommendations for issue mitigation and possible improvements in operational procedures
  • Re-testing of implemented fixes

Penetration testing at Future Processing:

  • External and internal services testing
  • Web and mobile applications testing
  • Vulnerability assessment
  • Configuration verification and hardening
  • Network equipment for wireless and wired networks
  • Database security controls testing
  • Firewall and ACL testing
  • User privileges escalation testing
  • Social Engineering can be a part of the process
  • Pen testing activities can be planned as recurring events (e.g. as part of predictive maintenance)

Mobile Application Security Assessment & Penetration Testing

The approach to the assessment is similar to webapps, however there are a few important differences, including various environments in which applications can run. Another layer of
experience for security specialist and equipment are needed to perform penetration testing.

What will you get:

A report containing the following:

  • Assessment results with clear “steps to reproduce” on found vulnerabilities
  • Impact on business and likelihood of findings
  • Easy to follow remedies on how to fix issues in your application
  • Gap analysis against the industry best practices

What and how do we test?

  • Security assessment can be performed on Android and iOS applications, both native and using multiplatform frameworks
  • Backend API can be included in the scope of testing
  • Manual and automated Black Box testing is performed to simulate hacker activities
  • With access to the application source code White Box testing can be performed – it often uncovers additional vulnerabilities in the application

Security training for developers

The security training is aimed at development teams that wish to increase their knowledge of protecting web applications against cyber threats.

Training suited to your needs

Our Security Training consists of a theoretical part and a workshop which contains a number of hands-on cyberattack exercises using Future Processing’s Security Training Application.

What you will learn

  • The basic concepts and mechanisms related to web application security
  • Popular cyberattack techniques, protection measures and good practices to enhance the overall application security level
  • How to translate security requirements into application design elements

The syllabus and training goals can be customised to fit your individual requirements and the training can be done remotely.

Open-source intelligence (OSINT) for organisations

What is OSINT?

During open-source intelligence (OSINT) scanning, security professionals analyse various sources available on the Internet in search for any assets (e.g. password leaks, data leaked through misconfigured services, etc.) which can negatively impact your business.

Using information found in public databases, attackers can create scenarios without being monitored or stopped by Intrusion Detection Systems. The main goal of OSINT scan is to be one step ahead, develop situational awareness, create strong foundation for Incident Response Plan and, if possible, minimise attack surface.

There is no risk for applications and infrastructure while OSINT scan is being performed as all actions are purely passive and do not interfere with any of your services.

What will you get?

A report containing the following:

  • Summary of password leaks affecting your company
  • Secrets found in mobile applications available in public application stores and/or public code repositories
  • Publicly accessible or misconfigured cloud storages (Amazon S3, Azure File Storage etc.)
  • Documents leaked through Search Engines indexing or shared to public via personal file storage services (Dropbox, OneDrive, Google Drive)
  • Data leaked through metadata of published files (user or software related data in documents, presentations and other files, GPS coordinates from photos uploaded to
    Social Media etc.)
  • Information available through service provider databases and caches (DNS, Whois, Web Archiving Tools)

A highly qualified security team

We have built a strong team of security-focused engineers who are accredited by industry-leading certifications, including: CISSP, OCSP, CEH and CCNP.

Sounds promising? Contact us to find out more.

I understand that my personal data given in the contact form above will be processed for purposes of answering my inquiry and for any further correspondence regarding this inquiry. The controller of your personal data is Future Processing. For more information, see our Privacy Policy.