Eliminate All Vulnerabilities
If security risk is a function of cyber threats exploiting security weaknesses to cause harm, we believe that taking care of your vulnerabilities is the only factor firmly within your control.
Web & Mobile Apps Tested
Network & Servers Tested
Latest blog articles
Aviation Sector Subject to New Cybersecurity Requirements as Emergency Powers Invoked
The TSA order to the aviation sector is part of this general blitz of new cybersecurity requirements among critical infrastructure companies, but also comes as the industry is seeing increasing number of attacks.
Members of Congress May Have Had Sensitive Personal Information Exposed in Health Data Breach
A health data breach at a Washington DC medical insurance marketplace has caused a great deal of concern as it appears that members of Congress were among the compromised parties, who appear to number about 170,000 in total.
EPA Mandate Pushes Public Water Systems to Adopt New Cybersecurity Requirements
The new EPA cybersecurity requirements are extensive. Some public water systems will undoubtedly have a lot of work on their hands, as some of the smaller ones across the country have never had any kind of cyber defense program prior to this.
Not sure what you need? Get started with a Free Vulnerability Scan.
3 ways to prevent vulnerabilities
1 Update your systems
Studies have shown that hackers start scanning for vulnerable systems within minutes following announcements of critical vulnerabilities.
On March 2, 2021 when Microsoft disclosed three zero-days, hackers started scanning for vulnerable Exchange Servers within five minutes.
Keeping your servers and network devices updated with the latest security patches must be a top priority for all organizations. Start with your public internet-facing assets before taking care of the devices sitting on your internal network.
2 Apply secure configurations
One of the top causes for data breaches is misconfiguration.
In 2019, researchers connected 10 systems around the world to the internet with common configuration errors. The first system was attacked in less than one minute. And a 2020 study found almost 10,000 unsecured databases exposing more than 10 billion data records including personal data such as email addresses, phone numbers and account logins.
Make sure your servers, databases and applications are properly configured. You can refer to vendor security guidelines or the CIS Benchmarks.
3 Write secure code
Fact: Software vulnerabilities are a result of bad coding practices and errors.
With millions of people are producing code every day, it’s inevitable that vulnerabilities are introduced into our technology environment. Windows 10 has about 50 million lines of code and around 2,500 publicly reported vulnerabilities as of 2021, or 0.05 vulnerabilities per 1,000 lines of code.
Whether you have a team developing code in-house or outsourcing software development, ensuring secure coding practices and standards is essential in reducing the number of security bugs in your applications. Start with resources available from NIST and OWASP to build your secure coding practices and standards.
More than 100K reported vulnerabilities in last 5 years
More than 100,000 vulnerabilities were reported for commonly used software over the last five years. This is an average of 2.5 vulnerabilities published every hour. In 2019 alone, 1 out of 3 vulnerabilities was given a High or Critical severity rating.
In a 2020 study, 14% of vulnerability exploits were publicly available before the vendor released security patches, and another 23% were available within the first week.
5 ways to detect vulnerabilities
1 Vulnerability Assessment
Use a vulnerability scanner to analyze your environment for vulnerabilities. The scan should include all your servers, network devices whether they are located within your premises or hosted in the cloud.
Best practices suggest running vulnerability scans at least on a quarterly basis.
2 Penetration Testing
A penetration test simulates the tools and techniques of an attacker to detect and exploit vulnerabilities. This approach conducted by a skilled professional helps you identify possible attack routes and securities vulnerabilities that may not be found from vulnerability assessments.
Most industry standards recommend a penetration test on your network, web and mobile applications at least once a year and after major changes.
3 Configuration Review
Configuration reviews can help ensure that servers and network devices are securely configured, and alert you to any errors and misconfigurations.
While vulnerability assessments and penetration testing provides an analysis from an external point of view, configuration reviews provide an in-depth view from within your servers and network devices.
4 Secure Code Review
Security weaknesses introduced by software developers may not be easily detected by vulnerability assessments and penetration testing.
Reviewing the source code of your custom-built applications for vulnerabilities or malicious code helps prevent security issues from going into production and is an important part of a secure development lifecycle.
5 Private Bug Bounty Program
While penetration testing is one of the most effective way to discover vulnerabilities, you are still limited by the knowledge, capability and experience of the team. No one can claim to be able to identify every possible vulnerability in a software.
Enlisting the help of the white hat community to hunt for security bugs provides you with greater diversity and broader perspectives. And you pay for results, not for time.
Almost 40% of data breaches involved hacking
According to Verizon’s 2021 Data Breach Investigations Report, almost 40% of the more than 5,000 data breaches analyzed in 2020 involved hacking. The malicious activities include exploiting vulnerabilities, using stolen credentials and brute forcing.
And more than 50% of attacks are targeted at web application servers.
Yes, we are CREST accredited
Our core team is based in Singapore and consists of CREST certified penetration testers who are also Offensive Security Certified Professional (OSCP) certified. The team has delivered numerous penetration testing projects for customers in Singapore and other locations, from large multinational enterprises to small and medium business, and across various industries.
How can we help?