ATP reviews and analyzes the network architecture, security device configurations, validates adherence to policy, and verifies consistent configuration implementation. Through executive and administrator level analysis and interviews with persons responsible for defining and managing the environment, ATP's security analysts identify risks and ensure the technical configurations, policies and standards meet the customer's business and security objectives.

Service in Action [ s h o w ]

Service in Action [ h i d e ]   Internet architecture design review to determine the resiliency, threat containment and mitigation of untested outside networks from gaining access to your internal, trusted networks and systems A comprehensive review of the security management controls covering policy, organization, personnel, asset classification and control, physical security, access control, network and computer management, business continuity, system development and maintenance, and compliance An internal network design review to determine how it effectively contains insiders based on their business function and need to access your organization's valuable information assets A security design review of internal network security components (switches, routers, remote access servers, switches, etc.) to identify exposures that could cause undesirable security exposures An internal and external network vulnerability test designed to identify risks that a hacker or trusted insider could exploit in an attempt to gain unauthorized access to the internal trusted network resources A final report defining the strengths and weaknesses uncovered in the aforementioned activities along with recommendations for tactical and strategic improvements

ATP's Web Application Penetration Assessment models specific threat scenarios in a real world environment. The assessment provides insight into methods of attack against a web based portal, e-commerce application or Web based platform at a point-in-time. We model malicious attacks threatening the security of the product and conduct blind or informed attacks on a Web application supplied by the Client. We then use penetration techniques to attempt to undermine the security features of the application. Examples of Web Application Assessment tests include but are not limited to, the following:

Service in Action [ s h o w ]

Service in Action [ h i d e ]   Bypass authentication and authorization mechanisms Modification of data or data presentation Exploit inadequate input validation controls Escalate application privileges A detailed findings report, including a prioritized issue list and recommendations for remediation of discovered vulnerabilities, is provided as the project deliverable.

ATP's Network Penetration Test emulates real world attack scenarios, identifies exploitable vulnerabilities, locates sources of data leakage, and validates exploitation. ATP's penetration testing reveals security threats from potential attackers, and provides insight into the methods of compromise against a network or group of systems. The result is a detailed analysis that serves as a roadmap to prioritize areas of weakness in your network that need attention and remediation.

Service in Action [ s h o w ]

Service in Action [ h i d e ]   Perform intrusive O/S level (penetration) testing of components that support data transport / encryption using best practice methodologies, commercial and proprietary tools Review architecture access control lists and device configuration for adequacy Identify business and technical risks inherent in the exposure A detailed findings report, including a prioritized issue list and recommendations for remediation of discovered vulnerabilities, is provided as the project deliverable.

ATP reviews and analyzes network and server configurations, network architecture, validates adherence to policy, and verifies consistent configuration implementation. Through administrator level analysis and interviews with persons responsible for managing the environment, ATP's security analysts ensure the technical configuration, policy and standards meets the customer's business and security objectives.

Service in Action [ s h o w ]

Service in Action [ h i d e ]   Internet architecture design review to determine the resiliency, threat containment and mitigation of untested outside networks from gaining access to your internal, trusted networks and systems An internal network design review to determine how it effectively contains insiders based on their business function and need to access your organization's valuable information assets A security design review of internal network security components (switches, routers, remote access servers, switches, etc.) to identify exposures that could cause undesirable security exposures A final report defining the strengths and weaknesses uncovered in the aforementioned activities along with recommendations for tactical and strategic improvements

ATP's Network Vulnerability Assessment identifies known network security risks by combining a tested and proven methodology and the most advanced tools and techniques. By modeling malicious attacks used by a hacker, ATP gathers network and device level information and extensive manual testing to discover and verify network security vulnerabilities. ATP prioritizes identified risks and provides recommendations for resolution, allowing administrators to focus on remediation efforts on areas that present the most significant risk to the organization.

ATP's external network vulnerability testing probes Internet points-of-presence and associated connected devices for known security vulnerabilities. Internal network vulnerability testing assesses network security from inside a DMZ or from within an organization or business unit. All testing uses strict controls with an emphasis on protecting each client's security and privacy.

Service in Action [ s h o w ]

Service in Action [ h i d e ]   Identify exploitable vulnerabilities in IP enabled systems Customizable testing methodology Provide guidance for and interim mitigation strategy while your organization prepares and tests patches or system configuration remedies Provide a written report of all findings and recommendations along with a conference call for discussion.