Bithex NSA™ Penetration Testing, Security Assessments and Risk Assessment
Bithex NSA is a technical security assessment and penetration test of information systems, in which Bithex consultants follow a detailed methodology to analyze and test the security of information systems such as network servers and software.
Vulnerability scanning is performed, software is tested for misconfiguration, and exploit code and methods are analyzed and executed. Firewall settings, VPN and IDS/IPS systems are tested.
Compliance with standards and regulations, and risk assessments
Today, many companies are required to fulfil standards and regulations on regular security assessments and vulnerability analysis of information system properties.
Bithex NSA security assessments are useful in such cases to test for multiple requirements mandated by standards such as ISO/IEC 27001:2005, PCI DSS and others.
Sample requirements tested include controls against malicious code, information security of network services, password use, network access restriction, information leakage, control of technical vulnerabilities, annual penetration tests and more.
What’s included in Bithex NSA Security Assessments?
The Bithex NSA test plan and execution cover security assessments of the company’s external and internal networks, according to the customer’s wishes. Test plan components usually are:
- Network enumeration to identify hosts and network services.
- Detailed network scan and fingerprinting to identify services like http, https, smtp etc.
- Port scan attacks to analyze firewalls and network appliances.
- Vulnerability scanning to identify breaches and malicious code like trojans, backdoors and more.
- Search for vulnerabilities in online vulnerability databases.
- Penetration testing on external and internal networks.
- Security assessment of web applications (Bithex WSC).
- Code review of web applications.
- WiFi network security assessment and testing.
- Firewall and VPN security testing.
- Internal network testing with different user access roles on company networks.
- Assessment of access to critical network equipment on customer premises.
- Issue and risk classification according to Bithex Security Issue Risk Level Definition.
Tools and Methodology
Bithex consultants follow documented procedures in the execution of security assessments. The Bithex NSA methodology is largely built around standards and best practice on information security testing, such as OSSTMM, NIST-SP800-115 and OWASP Testing Guide.
Procedures are both automated and manual, carried out in many scripted steps. Many different tools and methods are used, depending on the information systems at hand.
The price for Bithex NSA security assessments and penetration testing depends on the scope and network size. Please contact us for more details and a price quote.