Accreditations & Accolades | Life at Zettawise | Media Center

Solutions

IT & OT Security Assessment

The Approach and Methodology

Vulnerability Assessment & Penetration Test

Security Posture Assessment of the Digital Environment of an organisation is the assessment of the security status of the digital network and its asset inventory to determine its level of preparedness to prevent, detect, mitigate or remediate security events. It includes number of policies, procedures, and measures to protect the information infrastructure from threats and risks. The objective of such an assessment is to build maturity in the organisation's cyber resilience strategy to minimise the risk of cyber-attacks and data breaches.

Zettawise

Common Vulnerabilities Use Cases

We conduct Vulnerability Assessment of Industrial Control System (ICS) by:

  • Checking Network Configuration
  • Architecture Review
  • Netflow Analysis

Security, Agility, Speed

We have adopted the following testing approach for the same

Whitebox Testing

  • Credential Testing.
  • Full visibility into the inner workings of the asset.
  • Sharing full network and system information.
  • Simulates a targeted attack on a specific system.

Greybox Testing

  • Blackbox testing + Credentialed testing.
  • Limited information is shared with the tester.
  • Simulate either an insider threat or an attack that has breached the network perimeter.

Blackbox Testing

  • Zero visibility into the asset's functions and workflows.
  • No knowledge of the codebase or infrastructure.
  • Most authentic as tester demonstrates how an adversary with no inside knowledge would target.

Some common tools being used

Testing Standards/Framework Followed

Use Cases

Foreign Government

The Government of one of the GCC countries has created a smart channel where using Smart Gates, their citizens and residents can pass through by simply looking at the green light, with no need to scan any identification document. The security of this system is of paramount importance because this would have a direct impact on national security.
Zettawise did end-to-end security testing for the smart channel. It included about two dozen web apps, a similar number of third-party integrations and APIs and a couple of mobile apps.

Healthcare

One of our clients in the GCC region provides a quality healthcare system in Dubai by setting and ensuring policies and strategies for healthcare in public and private hospitals and clinics in Dubai. It has created a unified Medical Fitness System which is being used by Registered Companies and Typing Centers.
Zettawise is conducting the Vulnerability Assessment and Penetration Testing of the applications and infrastructure associated with this portal. This includes multiple associated applications, over 30+ user roles and other supporting digital infrastructure.

Financial Institution

A fintech company in is dedicated to electronic payments. It offers customers various services to consumers such as e-wallet, direct payments, eCash and other multiple channels. It also helps merchants accept payment using these channels, online payments, provides point of sales machines and analytics of transactions. It has tied up with over 40+ government and semi-government entities for easier payment using the e-wallet.
Zettawise conducted an assessment on the security of the various applications of that company including customer portal, merchant portals, back office, mobile apps APIs, V1 and V2 of the payment APIs. In addition, the security of the infrastructure supporting the above was also tested.

Let’s Talk About How We Can Help You Secure Information your Assets!

Talk to us

+91-79808 89376

Sent e-mail

contact@zettawise.in