Demyo, Inc. capabilities:
- Founded in 2011
- All we do is 100% InfoSec
- We speak: English, Spanish, Portuguese, Russian, Ukrainian, Lithuanian
- Web Application Penetration Testing
- Host Based Audit
- Incident Response
- Vulnerability Assessment
- Social Engineering
- Network Penetration Testing
- Team members have the following top level Information Security certifications: CISSP, GSNA, GSEC, CEH, LPT, CISA, CISM, GCIH, CCNA, GCIA, CCNP
- Consists of a HIGHLY experienced team
- Digital Forensics
- Threat Intelligence
- Source Code Review
- Security Training
Web Application Penetration Testing:
- OWASP methodology
- Vulnerabilities are rated High, Medium, and Low according to risk
- Commercial, Open Source, and proprietary tools are used
- Highly technical report + one-page executive summary
Network Penetration Testing:
- Internal LAN pen testing
- External WAN pen testing
- Enumerating Services
- Finding Holes
- Exploiting Holes
Host based audit:
- Security Configuration Review
- Policy Compliance Review
- Antivirus / Antimalware Review
- LDAP Policies Review
- Logs Audit
Digital Forensics:
- Who, What, When?
- Making a Forensic Copy
- Memory analysis
- Threat Intelligence
- Selective files analysis
- Full HDD image analysis if needed
- Building the timeline
Vulnerability Assessment:
- HIPAA, PCI, SOX, GLBA, ISO compliance
- Merger and Acquisition support
- Security Best Practices
- Post Incident Support
Source Code Review:
- Grepping through code for high-risk functions and methods
- Manual source code review
- Automatic source code scanning tools
- Checking input validation
Incident Response:
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
Social Engineering:
- Will bypass all firewalls / Intrusion Detection Systems / Intrusion Prevention Systems / Full Packet Capture Devices and any technical means in between
- The weakest factor is still the human
- How do we prevent SE?
Training:
- Instructors are HIGHLY experienced InfoSec Analysts
- Penetration Testing training
- Security Awareness training
- Technical and Managerial InfoSec training