Softgen Australia Pty Ltd Logo

Contact

sales@sgen.com.au

(02) 9416 0416

Address

810 Pacific Highway
Gordon NSW 2072

Social

  • LinkedIn Social Icon
  • facebook

We Help You Stay Ahead

Consulting Services & Competencies

Our services provide actionable security intelligence to organisations enabling directed action and targeted investment to secure their systems. Our security consultants understand the technology that runs your business and are specialists in vulnerability discovery and exploit development, allowing us to determine exactly what tests and attacks could and should be protected against. We specialise in performing Vulnerability Analysis and Penetration Testing of Virtualised Environments and have developed tools and methodologies to support this specialisation.

Core Competencies

Our objective is to provide our customers with solutions relevant to specific threats to their environment.
“Cyberspace is a twenty four (24) hour a day world, one in which old assumptions about geographic boundaries and time zones are obsolete. This is the one great benefit of modern technology – cyberspace is always open for business. But this also brings great challenges to those who guard our electronic borders” – Senator John Faulkner.
SoftGen’s offering includes both ad hoc and customised programs, which enable customers to move through a top down process, implementing a management framework to assist them with information security and risk. This approach is industry-aligned and practical for any organisation.

Methodology

SoftGen in conjunction with our partners have developed a unique scanning methodology that enables us to provide both Vulnerability Assessments and Verification testing using a combination of real time modelling and virtual environments to identify and prioritise risks to your network and data. This approach enables for continual testing of your environment without impacting your production systems.
The results of this type of assessment may indicate that elements of a company’s architecture need to be re assessed or re designed to provide a customised approach to their particular security requirements – one size doesn’t necessarily fit all.

Deliverables

Vulnerability Assessment

The SoftGen tailored approach to Vulnerability Assessment enables us to scan your systems to meet site requirements.Our procedures allow us to:

  • Accurately understand your real risk exposure

  • Prioritise vulnerabilities quickly and accurately

  • Report on the vulnerabilities that have been revealed

  • Provide detailed remediation steps to protect the systems

  • Implement systems to maintain remediated systems

Penetration Testing or Ethical Hacking

Penetration testing highlight which of your systems are effective in stopping hackers and which are not, providing detailed remediation advice on how to correct or mitigate the issues.
This information is critical for PCI Compliance, periodic security testing, change management and pre-purchase due diligence. Using sophisticated tools and extensive security experience, our consultants utilise brute force credential discovery, smart exploitation, password enumeration and Web application scanning as part of their testing.
A penetration test mimics the actions of an actual attacker, exploiting possible weaknesses in your network security, without the usual dangers. Reporting is provided at two levels:

  • The Executive Overview summarises and articulates technical vulnerabilities in terms of business risk and priority

  • The Technical Report provides an analysis of vulnerabilities with detailed remediation steps listed to secure your systems

Database Vulnerability Testing

SoftGen can help customers ensure that their Oracle and SQL database systems are not vulnerable to intrusion by hackers. Utilising a mix of commercial and open source tools, our consultants will run automated and hand scripted Vulnerability Assessments and exploitation tests against systems to discover the existing exposure. Testing services include:

  • Database Exploitation testing to discover weaknesses

  • Crafted SQL scripts to test against SQL injection, Cross Site Scripting and weak DB policies

  • Detailed remediation steps to secure the database and underlying infrastructure

  • Implementing remediation steps and hardening the systems

Wireless Scanning and Injection Testing

Wireless devices are increasingly being used by individuals in organisations to access corporate data. The BYOD device, which can include Laptops, Smartphone’s and tablets are often the least secure devices within an organisation. WAP’s and 3G devices have well known security issues and there are developing security threats with the 4G devices. Testing includes:

  • Wireless scan for known and rogue WAP’s

  • Initial assessment of security enabled at each WAP

  • Test authentication using known device credentials

  • Employment of packet injection to force de-authentication

  • Handshaking capture and initialisation packet analysis

  • Handshake cracking using brute-force and rainbow tables

Specialised Virtual Environment Testing

The rapid adoption of virtualisation and Private, Public or Hybrid cloud computing has radically transformed the information security landscape. To assist with understanding your current Virtual Environment posture, the Virtual Security Check provides security vulnerabilities assessment across your nominated Virtual environment.
The Virtual Security Check is conducted by deploying a purpose-build VMware/Hyper-V security appliance which is specifically customised with the latest industry standard security assessment and vulnerability testing tools. A Security consultant will remotely scan and expertly analyse your vSphere vCenter Server, ESX/ESXi or Hyper-V hosts and Guest OS images to develop a comprehensive security assessment report which identifies any critical operational and security risks discovered within your environment.

Firewall Attack Simulation and Optimisation

SoftGen has developed the capacity to simulate the affect of any attack scenario on your organisation’s firewalls. We do this by loading the rule sets of the organisation’s firewalls into a system that allows us to run simulated attacks on the systems from all entry points, to ascertain the effectiveness of the firewalls rules.
This means that we can ensure that the firewalls are protecting the key systems within your organisation and eliminate redundant and obsolete rule sets that are clogging your network.
In addition, we can perform this firewall audit in minutes. Normal manual audits can take weeks to perform, tying up valuable resources. Our service provides assurance and lower costs.