Information Security / Penetration Testing

fact technologies services.

Mobile Application Penetration testing

Our mobile application security testing will find vulnerabilities, prioritise them, and recommend remedial actions, helping you to define and mitigate your risks. We work on the iOS and Android mobile operating systems in order to cover as many security aspects as possible and ensure that your mobile application is secure. Our testing will cover the following areas:

  • Data Storage and Privacy
  • Cryptography
  • Authentication and Session Management
  • Network Communication
  • Code Quality and Build Settings
  • iOS & Android Best Practices

  • Reverse Engineering
  • Malware detection
  • API
  • Code Review
  • Best practice

Web Application Penetration testing

Web Penetration Testing is the most efficient way to evaluate the security of your website and accurately identify security vulnerabilities. Due to their popularity, web applications are widely deployed across the enterprise, providing all kinds of services and access to business-critical information to both external and internal users. Securing your web applications is critical to protect your confidential information, the integrity of your servers and infrastructure, and ultimately your business. To give you peace of mind about these applications, our in-depth testing covers the following areas:

  • Information Gathering
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing

  • Data Validation Testing
  • Error Handling
  • Cryptography
  • Business Logic Testing
  • Code Review
  • OWASP (Top 10)

External CISO

We understand that not all organisations are large enough to employ a full-time CISO to be responsible for all Information Security related matters. FACT Technologies is able to provide one of its expert consultants on an ongoing basis to act as your company’s CISO and provide all the guidance that your business requires when it comes to your data and business processes.

Other Information Security Services

FACT Technologies carries out various ad-hoc information security assignments, ranging from basic high-level information security health checks, which assess the maturity of your information security and provide recommendations, to full attack simulations such as a Red Team exercise.

Why We Believe Manual Penetration Testing is Best

Fact Technologies undertakes Ethical Hacking assignments across various environments, designed to test and strengthen the IT Security posture of many companies. We combine a mix of industry tools and our own technology with many years' experience in manual pen testing to ensure the very best results, on time and within budget.

We believe that, in order to properly assess the security of business-critical web applications, vulnerability scanning is not enough. Fact Technologies consultants perform advanced penetration testing the way a hacker would in order to discover vulnerabilities that are normally not detected by automated vulnerability scanners.

Different frameworks, technologies and programming languages are used for implementing web applications.

It is highly recommended to evaluate the security and integrity of your applications by performing manual penetration testing in order to discover:

  • Logic flaws
  • Session handling
  • Replay attacks
  • Business logic flaws

Furthermore, automated vulnerability scanners typically report a lot of “false positives”. To determine whether the reported vulnerabilities are valid, they have to be manually verified. Combining a vulnerability scan with manual penetration techniques maximises the overall coverage of testing and identifies as many vulnerabilities as possible within the allotted time frame.

The 360° Approach

Fact Technologies consultants are not simply Ethical Hacking experts. By combining penetration testing with 360° Reviews, our clients are able to plot a robust IT Security strategy that takes into account every vector, such as insider threats, governance, policy and compliance (such as ISO and PCI DSS), IT security training, incident planning & response, solutions audits and supplier risk.
