Background of the Field
AFourTech has strong expertise in cybersecurity.
Previously we have worked on very large-scale enterprise applications and security solutions based on different fields like storage, finance, and healthcare.
For us, Information Security is always of prime concern because if it is compromised, then it would cause substantial financial and reputational implications.
With rapid innovation going on in the cloud and IoT, the threat surfaces have multiplied in the recent past. Today, hackers don’t hack for fun, but they steal data and money.
So, we help customers build solutions that are not only high performing but have robust security measures implemented around information security.
Our solutions target confidentiality of data, the integrity of data, and high availability of their information.
Problems Solved for our Customers
We have customers in all these four areas IoT, cloud, web, and mobile.
For cloud security, we have helped customers to build highly secure cloud labs where their information systems are running. We have also provided a complete security audit report that they can share with their customers to be rest assured that their solutions are safe and secure from adversaries.
This cloud security project that we worked on includes architecture, designing production, staging, and Dev labs. It included virtual private centers, configuring networks, rules, security groups, policies as well as in-depth detailed analysis of their virtual machines. Also ensured that they are free from malware and any security misconfigurations. We use industrial benchmarks like CIS to evaluate security misconfigurations on their windows and Linux systems.
On the web and mobile app security, we do a pen test and provide a report on open vulnerabilities and already addressed vulnerabilities.
We start from threat modeling to find the vulnerabilities in the architecture followed by reconnaissance, scanning. After exploring these vulnerabilities, we use tools to exploit these and ensure that the solution is entirely safe and secure when it goes down to production.
As mentioned, we also do back-end security.
Storage: We have helped many clients to architect solutions for data protection. Our expertise is to provide solutions on authentication, authorization, data encryption at transit, data encryption at rest. At the same time ensuring that the data is maintained with high integrity and high availability.
IoT: We started this service at the start of 2018. In IoT, we evaluate the entire IoT ecosystem, which includes mobile and web apps, cloud infrastructure as well as firmware.
In IoT, we employ techniques to extract the code from the firmware to identify security vulnerabilities in their system. It’s done by exploiting business logic as well as by identifying sensitive information like keys, credentials and other sensitive settings that are vulnerable.
Services we Provide
At AFour Technologies, we primarily focus on four security services: Web application security, mobile application security (android/iOS), cloud infrastructure security, and IoT security.
We have a team of 10 which includes security architects as well as penetration testers. All of them are very experienced, and the background of most of the engineers are masters in information security.
The plan is to build a team of around 20 by the end of this year.
Tools & Technologies
We use highly recommended industry standard tools which provide highly precise and detailed reports on security vulnerabilities. We use Kali Linux, Metasploit, Burp Suite, Nmap, for most of the types of applications that we work on.
Specifically, for mobile, we use Drozer, Android Studio, apk tools.
Cloud: For amazon, we use Amazon GuardDuty, CloudTrail for audits.
IoT: We have some hardware that helps us identify and extract debug logs using JTAG, UART, Bin Work for code extraction.