
Security Archives - Security Marketplace
https://ecylabs.com/marketplace/product-tag/security/
Flexible and Cost Effective Security Assessment Solution!
Tue, 07 Mar 2023 05:28:14 +0000

ACSC Baseline Compliance Check
https://ecylabs.com/marketplace/product/acsc-baseline-compliance-check/
Wed, 02 Mar 2022 12:42:10 +0000

The Australian Cyber Security Centre (ACSC) produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that organisations can apply, using their risk management framework, to protect their information and systems from cyber threats. You can leverage the eCyLabs ACSC Baseline Compliance Check profile to scan and ensure that the default operating system and application configurations conform to the industry standard.

The post ACSC Baseline Compliance Check appeared first on Security Marketplace.

When selecting operating systems, it is important for an organization to consider secure-by-design principles, secure programming and the ongoing maintenance of product security. The ACSC Baseline scan assists not only with reducing the potential number of security vulnerabilities in operating systems, but also with increasing the likelihood of timely patches and remediation.

The ACSC sits within the Australian Signals Directorate (ASD) and helps organizations develop effective risk management frameworks, so that they are capable of protecting their information and systems from cyber threats.

CJIS Baseline Compliance Check
https://ecylabs.com/marketplace/product/cjis-baseline-compliance-check/
Wed, 02 Mar 2022 12:42:10 +0000

Criminal Justice Information Services (CJIS) compliance is perhaps one of the most important compliance standards of all. It is what keeps professionals in criminal justice and law enforcement (at local, state, and federal levels) in agreement with standards for data security and encryption. eCyLabs provides a CJIS Baseline Compliance Check profile for scanning your server and ensuring that its baseline security configuration aligns with CJIS compliance.

The post CJIS Baseline Compliance Check appeared first on Security Marketplace.

Criminal Justice Information Services (CJIS) protects private or sensitive information gathered by local, state, and federal law enforcement agencies. This could include fingerprints, criminal background information, copies of private documents, or anything else that could be classified as sensitive. CJIS is the largest division of the FBI, incorporating key departments like the National Crime Information Center (NCIC), the Integrated Automated Fingerprint Identification System (IAFIS), and the National Instant Criminal Background Check System (NICS). Each of these departments is privy to sensitive information gathered by law enforcement agencies to perform background checks. As part of CJIS compliance, organisations must keep this information protected, whether it is stored or transferred to another party. While portions of CJIS policies focus on the hard copies of sensitive information, there are also protections for digital information.

Penetration Testing for Web
https://ecylabs.com/marketplace/product/penetration-testing-for-web/
Wed, 02 Mar 2022 12:42:09 +0000

eCyLabs automated penetration testing helps to test for the OWASP Top 10 Web Application Security Risks. Many security flaws in the OWASP Top 10 list can be identified with our automated tool. To perform deep inspection specific to your application type, you can also engage our security experts to fine-tune the risk detection logic for your application and bring more results.

The post Penetration Testing for Web appeared first on Security Marketplace.

Overview

Penetration testing helps to identify malicious behaviours or patterns by simulating an external attacker’s view. In the context of web application security, pen testing is commonly used to augment a web application firewall (WAF). eCyLabs pen testing scan profiles leverage OWASP detection logic and are widely used, often in conjunction with connected systems such as servers, networks, devices and endpoints.

Many of the security flaws in the OWASP Top 10 list can be identified with our tool, such as:

– Injection
– Broken authentication
– Sensitive data exposure
– XML external entities (XXE)
– Broken access control
– Security misconfigurations
– Cross site scripting (XSS)
– Insecure deserialization
– Using components with known vulnerabilities
– Insufficient logging and monitoring

Pen testing follows the stages below:

  • Explore – The tester attempts to learn about the system being tested. This includes trying to determine what software is in use, what endpoints exist, what patches are installed, etc. It also includes searching the site for hidden content, known vulnerabilities, and other indications of weakness.
  • Attack – The tester attempts to exploit the known or suspected vulnerabilities to prove they exist.
  • Report – The tester reports back the results of their pen test including the vulnerabilities, how they exploited them and how difficult the exploits were, and the severity of the exploitation.
