We will protect your
business from digital
crimes and new threats!
Test the real level of security of your
company's information systems!
company's information systems!
We do more than what is agreed upon
Certified specialists
We guarantee results
Areas of work
Security assessment services
− Web applications
− Mobile applications
− Remote banking systems
− Other information systems
− Mobile applications
− Remote banking systems
− Other information systems
Penetration testing
− External IT infrastructure
− Internal IT infrastructure
− WiFi networks
− Using social engineering methods
− Internal IT infrastructure
− WiFi networks
− Using social engineering methods
Continuous monitoring
− Vulnerability and current threat monitoring of IT infrastructure
− IT asset management and change monitoring
− Continuous work of experts in risk analysis and modeling
Load testing services
− Performance Testing
− Stability / Reliability Testing
− Stress Testing
− Volume Testing
− Stability / Reliability Testing
− Stress Testing
− Volume Testing
Building and maintaining secure development processes
− Consulting on building the SSDLC process
− Implementation of security criteria and the SSDLC process
− Supporting the existing secure development process
− Virtual CISO
Computer forensics
− Incident response
− Incident Investigation
− Recommendations for developing security policies
− Incident Investigation
− Recommendations for developing security policies
Why trust Armourix Security?
Long-term expertise
A deep understanding information security market and practical expertise in information security in all major business sectors allow the company’s specialists to offer the best solutions for customers
Operation speed
Prompt response to company requests. Armourix Security has clearly structured project processes and formed working groups for any type of task
Multitasking
Our experienced professionals will help your business grow by introducing new operating technologies
Work beyond the contract
The team develops solutions, and does not earn money from the customer. Specialists always perform the maximum possible volume of tasks, and not the required minimum
Individual approach
The Armourix Security service pool will be able to satisfy a wide range of information security needs. We will offer non-standard approaches to solving any non-trivial, complex or local problem
International work standards
Reliance on best practices and world-class requirements WASC, NIST, OWASP guarantee the use of modern international standards in work
Armourix Security: Cybersecurity Threat Assessment and Consulting
- connection to the selected network segment
- traffic analysis of data link and network layer protocols
- instrumental scanning of internal network resources
- searching for vulnerabilities on detected resources
- carrying out network attacks, obtaining local and domain accounts, increasing privileges
- analysis of results and preparation of recommendations
- Detecting security flaws in web apps, e-commerce platforms, and other software
- Detecting vulnerabilities in compliance with international verification standards
- Detecting architectural features of applications that affect the security of business processes and operational results
- source code assesment for possible vulnerabilities and flaws influencing security and(or) app efficiency
- assesment of the app build security level
- OWASP MASVS L1/L2/R mobile app assesment
- Verification of the use of cryptographic systems
- Analysis of the authentication system and session management
- Evaluation of the level of security of network interaction and interaction with the operating system
- Analysis of code quality and build settings (conducted as a separate "white box analysis" service)
- Assessment of resistance to client-side attacks
- port scanning and identification of services using them
- identification of software and technologies in use
- manual search and analysis of application vulnerabilities based on OWASP ASVS classification
- exploiting vulnerabilities
- analysis of results, vulnerability classification, and development of recommendations
- consulting, support, and participation in secure development processes of company software products
- assessment and analysis of the current status of company software products
- implementation of automated analysis tools
- Mapping the adoption of SSDL practices
- Simulating a real APT group attack to evaluate the actual level of preparedness of company IT specialists and the reliability of information security systems
Comprehensive assesment of system performance
testing results:
testing results:
- determining maximum achievable performance indicators in line with demands for quality of service, response time and so on.
- detecting possible service failure risks
Analysis of employee behavior and evaluation of their potential resistance to attacks using social engineering methods:
- email phishing campaigns
- targeted communication through social networks and messengers
- personal calls (phone, Skype)
- distribution of media with provoking data
- evaluation of physical perimeter bypassing (covert copying of access control system keys)
- Identification of the source of attack on a company and investigation of the incident root causes. During the investigation, attack aftermath is eliminated and a number of prevention measures for similar incidents are formed
Why do companies need to audit the security of information systems?
- Money lossCompanies may spend up to 50% of the revenue on damage control. Full recovery may take from two to seven days’ worth of downtime
- Reputation lossFailing to take prompt measuring to handle a breach results in lower customer loyalty, bad media rep, thus leading to poor business operations
- Organize effective protection of the internal perimeter and external circuitThe audit will allow you to analyze how and with what type of attacks an intruder can penetrate the system. As a result, you can protect yourself from possible threats
- Optimize protection costsCompiling a ranked list of potential threats to the company's security will allow you to concentrate efforts primarily on eliminating critical threats and prevent financial losses
How is work on a project going at Armourix Security?
We help develop young architecture companies and teams that innovate urban planning
1) Acquiring input data
Acquisition and validation of the Customer input data
2) Preparation
Studying the test object, gathering information about the target, coordinating additional information obtained during the investigation
3) Penetration testing / security analysis
Investigating the business logic of the application, identifying "weak spots" in application mechanisms, searching for vulnerabilities, and preparing exploitation examples
4) Compromise Scenarios
Creating possible application compromise scenarios using the collected data to demonstrate potential threats and security risks
5) Criticality Analysis
Identifying critically dangerous potential threats and developing a step-by-step plan to mitigate them
6) Recommendation Development, Report Formation
Providing an audit report with practical recommendations for reducing cybersecurity risks
7) Support
Providing advisory support based on the results of the security audit, assisting with implementing recommendations, and rechecking the vulnerability fixes
What methods does Armourix Security use in its work?
PTES
Penetration Testing Execution Standard: approaches and guidelines for the main aspects of testing
MITRE ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge, used for risk assessment, prioritization, and defense efforts
WASC
Web Application Security Consortium, classification of vulnerabilities and attack classes leading to compromis
CIS standards
Set of indicators, methods, and recommendations for assessing the security of IT systems
OWASP
Open Web Application Security Project, a list of the most critical security risks for web and mobile applications according to the global expert community
PCI DSS
Payment Card Industry Data Security Standard, international standard for data security and protection of payment cards
CVSS
Common Vulnerability Scoring System, an open standard for assessing the severity of vulnerabilities
ISSAF
Information Systems Security Assessment Framework, standard for technical assessment of security aspects in applications, information systems, and networks; describes security audit measures
Methodology PETA
Project-oriented approach to testing information systems
OSSTMM
Open-Source Security Testing Methodology Manual, describes the visual representation of major security categories
Any questions?
Consult with us!
Consult with us!
WE ARE ALWAYS OPEN FOR COMMUNICATION
security@armourix.am
