Cyber Security Testing

Background of the field

AFourTech has a strong expertise in cybersecurity.

Previously we have worked on very large-scale enterprise applications and security solutions based on different fields like, storage, finance and healthcare.

For us Information Security is always of prime concern because if it is compromised than it would cause huge financial and reputational implications.

With so much innovation going on in cloud and IoT the threat surfaces have multiplied in the recent past. Today, hackers don’t hack for fun but they steal data and money. So, we help customers build solutions that are not only highly performing but have robust security measures implemented around information security. Our solutions target confidentiality of data, integrity of data and high availability of their information.

Problems Solved for our Customers

We have customers in all these 4 areas IoT, cloud web and mobile.

For cloud security we have helped customers to build highly secure cloud labs where their information systems are running and have provided a complete security audit report that they can share with their customers so they can instill that their solutions are safe and secure from adversaries. This cloud security project that we worked on includes architecture, designing their production, staging and Dev labs which includes virtual private centres, configuring networks, rules, security groups, policies as well as deep detailed analysis of their virtual machines to ensure that they are free from malware and any security misconfigurations. We use industrial benchmarks like CIS to evaluate security misconfigurations on their windows and Linux systems.

On web and mobile app security we basically do a pen test and provide as to which are the open vulnerabilities and which vulnerabilities have been addressed. We start from threat modelling to find the vulnerabilities in the architecture followed by reconnaissance, scanning. After exploring these vulnerabilities, we use tools to exploit these and ensure that the solution is completely safe and secure when it goes down to production.

As mentioned, we also do backend security.

Storage client: we have helped clients to architect solutions for data protection, our expertise id to provide solutions on authentication, authorization, data encryption at transit, data encryption at rest, ensuring that the data is maintained with high integrity and high availability

IoT: We started this service at the start of 2018. In IoT we evaluate the entire IoT ecosystem which includes mobile and web apps, cloud infrastructure as well as firmware. In IoT we employ techniques to extract the code from the firmware to identify security vulnerabilities in their code by exploiting business logic as well as identify sensitive information like keys credentials other sensitive settings that can be exploited.

Services we provide

At AFour technologies we are very much focused on 4 security services: Web application security, mobile application security (android/iOS), cloud infrastructure security and IoT security.

Team Composition

We have a team of 10 that includes security architect as well as penetration testers. All of them are very experienced and their background of most of the engineers are masters in information security.

Plan is to build around 20 by the end of this year.

Tools & Technologies

We use highly recommended industry standard tools which provide highly precise and detailed reports on security vulnerabilities. We use Kali Linux, Metasploit, Burp Suite, Nmap, for most of the types of applications that we work on.

Specifically for mobile we use Drozer, Android Studio, apk tools.

For cloud: For amazon we use Amazon GuardDuty, CloudTrail for audits

For IoT we have some hardware that helps us identify and extract debug logs using JTAG, UART, Bin Work for code extraction