Test your users to identify if there are potential weaknesses.
People are your company’s greatest assets, and also the easiest targets for hackers to pursue to compromise your systems. Many exploits have started with hackers targeting the users through Phishing and when successful moving laterally in the network. Your biggest asset is your weakest link.
Web applications are an attack surface to infiltrate your company, access confidential data and cause reputational damage to your company.
Typically, a company commissions a web app project and on completion of the project goes live. The application life development cycle goes through functional and load testing; but an application security test is not factored in. Some projects incorporate Secure Software Development Life Cycle (SSDLC) programs, but even if SSDLC is incorporated a manual Penetration test is expected at the end of the project before go live.
Identify your Infrastructure vulnerabilities and get them remediated. Malicious agents (Hackers) will attempt to infiltrate your network using these vulnerabilities. TravelEx were compromised using this method with dire consequences.
Your company's Infrastructure are classed into three categories:
External Infrastructure
Helps an Organization to identify threats, attacks, vulnerabilities and countermeasures.
Threat Modelling is a proactive security holistic view of commonly a project, or can be altered for the entire organization to get an understanding of the threats.
This work involves taking the following inputs: