Our comprehensive Vulnerability Assessment services identify vulnerabilities, including Vulnerability Assessment and Penetration Testing for Web applications, Infrastructure, REST API and Mobile App using manual and automated testing, and Black box / White box testing. Xoriant experts will remediate and pro-actively prevent security events and data breaches.

Scope:

• Information gathering and discovery
• Application and infrastructure assessment
• White and Black Box Testing: Methodology: OSSTMM, ISSAF, NIST and OWASP
• Tool-based automated (Nessus, Burp Suite, OpenVAS) as well as manual penetration testing
• Documentation and demonstration of likely attack vectors into networks and systems included in the scope
• Quantification of the impact of successful attack through active exploitation
• The Common Vulnerability Scoring System (CVSS V3) standard is used for assessing the severity of computer system security vulnerabilities
• Risk calculations using the DREAD framework
• Detailed recommendations/resolutions for all findings
• Consulting and support for fixing vulnerabilities (Independent SOW-based on recommendations report)

To ensure you’re maximizing your Azure investment, Xoriant will assess policies, processes, procedures, technology and architectures, and define a roadmap for protecting and updating your Azure environment, including modern technologies such as AKS. Our review will help ensure compliance with Microsoft’s Azure recommended security best practices, identify non-compliance risks, and recommend mitigations.

Scope:

• Azure security policy
• Compute, storage and network
• Identity and access management
• SQL services and databases
• Operations and miscellaneous
• Reporting with recommendations
• Remediation and support services - (independent SOW)

Security becomes more challenging as organizations adopt multiple/hybrid cloud models. To reduce your exposure, we will assess your policies, processes, procedures, technology and architectures, and create a roadmap for securing your multi-cloud, hybrid, and private-cloud environments. Our experts determine compliance with recommended security best practices, identify non-compliance risks, and recommend mitigations.

Scope:

• Security policy
• Compute, storage and network
• Identity and Access Management
• Databases (RDBMS (OLTP and OLAP, Hash tables, NoSQL and Data lakes))
• Build and Release
• Operations
• Reporting with recommendation
• Remediation and support services - (Independent SOW)

With the massive increase in remote workers today, social engineering has a wider target field. Xoriant will create awareness of social engineering throughout your company, identify individual awareness and risks, and build protections against vulnerabilities.

The ISO 27001 standard mandates end-users to undergo Security Awareness training, however, there is no mechanism to assess its effectiveness. We create simulated phishing attacks that analyze user behavior/response and assess security awareness, which allows us to customize an awareness program for your users.

Scope:

• Deploy and configure a phishing framework
• Identify target users for simulated phishing attacks
• Schedule real-world phishing attacks on identified users
• Run simulated phishing attack campaigns across the organization
• Monitor user actions and responses
• Generate reports and analyze user behavior   
• Validate the effectiveness of existing security training and recommend additional training
• Provide a real-time dashboard and extensive reporting