Vulnerability Assessment
Sunera’s vulnerability assessment service provides customers with an assessment of the overall security of an organization’s systems and provides a valuable baseline for determining appropriate safeguards. Periodic assessments are a requirement of many compliance initiatives and verify that new system implementations and changes to existing systems have not introduced new, unmitigated vulnerabilities to the organization.
Risk Assessment
Conducting a risk assessment is one of the most critical components of the risk management process. Identifying the magnitude of potential losses and the likelihood that they will occur are challenging tasks for any organization, but must be performed thoroughly. Sunera’s team of professionals has extensive experience conducting risk assessments for numerous clients and can help your organization conduct its risk assessment to validate that risks to all critical resources are identified and mitigated.
Physical Security Assessment
The integration of physical security and information security can no longer be overlooked. Not only is physical security a requirement of most compliance initiatives, it is a requirement of a truly complete information security protection plan. Sunera’s physical security assessment provides this integration by validating existing physical security access controls, providing recommendations for methods to improve integration between physical and information security, and implementing the recommendations.
Penetration Testing
Penetration testing activities attempt to gain access through unknown (“blackbox”), partially known (“graybox”) or known (“whitebox”) access methods to our clients’ physical or logical infrastructure. Penetration testing of the network perimeter is performed in accordance with an agreed-upon Rules of Engagement (ROE) document. Sunera expends extensive effort to ensure the normal operation of the systems and networks is not disrupted and production data is not affected. Assessment actions will not include denial of service attacks; however, potential denial of service conditions will be identified, and actionable findings and recommendations will be delivered in a concise report format.
Wireless Security Assessment
The rapid deployment of wireless networks has resulted in unprecedented exposure for organizations' systems and networks. Sunera’s wireless security assessment service analyzes current wireless configurations, identifies vulnerabilities, provides recommendations, and assists in vulnerability remediation.
Social Engineering
Sunera’s social engineering service assesses the effectiveness of security awareness, training, and education programs by attempting to gain access to an organization’s systems through non-technical means. Social engineering is a critical component of an information security assessment as it helps to identify areas of weakness in an organization that cannot be addressed through technical solutions such as firewalls and intrusion prevention systems.
Secure Source Code Analysis (SCA)
Our source code analysis services combine industry-leading automated source code scanning tools with the expertise of seasoned security professionals to thoroughly assess the quality and security of virtually any existing code base. During source code analysis reviews, our consultants provide in-depth analysis on proper mitigating techniques essential for timely, accurate and cost-effective remediation. Our assessors are also prepared to consult on topics regarding proper System Development Lifecycle (SDLC) adherence, change management procedures and other best practices paramount for a secure and efficient development team.
Web Application Security
Web Application Security reviews comprise both comprehensive automated analysis and targeted manual testing techniques. Our testing methodology ensures the uniform detection of common vulnerabilities such as input injection, improper session management, information disclosure and other categories mentioned within the current OWASP Top Ten vulnerability rankings and beyond. All of our deliverables include detailed descriptions, proof-of-concept demonstrations and the perceived risk and remediation effort necessary to successfully address discovered vulnerabilities.

