Skip to main content

Information Security Testing and Assessment

Information Security Testing and Assessment

Internet has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. However, it has also brought new levels of security concerns. It exposes valuable corporate information, mission critical business applications and consumer's private information to more risk than before. But security of your IT infrastructure is something that you cannot afford to compromise. In the area of IT Security, STQCs experience spans across technology, process and people.

Our Services:

Vulnerability Assessment :

Methodology: This is a security audit and privilege access and administrator assistance is required for configuration audit. This is done directly on the system with physical and logical access. System configuration checking and vulnerability scanning is performed to find out weaknesses, vulnerabilities and mis-configuration in the target hosts.

Deliverable: A detail report with discovered vulnerabilities, weaknesses and mis-configurations with associated risk levels and recommended actions for the risk mitigation will be submitted.

System Performance Monitoring

Today’s business systems have changed dramatically at the advent of multi-tier architecture. Organizations’ need to support 3 or more tiers involving, network infrastructure, web servers, application servers, databases, ERM systems, CRM systems, access servers etc. Troubleshooting and to find out the root causes of the performance problems is not easy for such complex systems.

STQC has launched new services to help the organizations to resolve those performance problems. STQC has acquired state of the art tools to monitor and analyze the network traffic.

To pin-point which tier is causing problems by inserting unacceptable latencies for the end users. Isolation of the fault to the application, system or network further speeds resolution and minimizes finger pointing among support groups and vendors.

Penetration Testing

Methodology: Penetration Testing (PT) is normally done remotely from public domain(Internet) and also  can be done from internal network to find out exploitable vulnerabilities from internal network. No privilege access is required. Series of testing conducted like information gathering from public domain, port scanning, system fingerprinting, service probing, vulnerability scanning, manual testing, password cracking etc. using state-of-the-art tools (commercial and open source) and techniques used by hackers with a objective to unearth vulnerabilities and weaknesses of the IT infrastructure.

Deliverable: A detail report with discovered vulnerabilities, weaknesses and mis-configurations with associated risk levels and recommended actions for the risk mitigation will be submitted. Additionally a demonstration of penetration (if possible) as a Proof of Concept (only to prove possibility and not to cause real damage) may be given.

eSecurity Assessments

Internet has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. However, it has also brought new levels of security concerns. It exposes valuable corporate information, mission critical business applications and consumer's private information to more risk than before. But security of your IT infrastructure is something that you cannot afford to compromise. Our centre at Kolkata is equipped with the necessary tools and qualified trained devices and secure your IT infrastructure.

Application Security Assessment

Methodology: As per OWASP (ASVS, MASVS)

Deliverable: A detail report with discovered vulnerabilities, weaknesses and mis-configurations with associated risk levels and recommended actions for the risk mitigation will be submitted.