Two major services that organizations require are regular audits of their complex information technology infrastructures and assessment of their level of preparedness against current threats through attack simulations.

With its experienced team, Biznet Bilisim provides organizations with all of the services needed in this domain, in line with the methodology it has adopted. The reports produced at the end of the work include findings and improvement recommendations. The effectiveness of the precautions is assessed with verification tests performed after changes have been made in line with these recommendations.

As one of the first companies to receive the “A-Class” Penetration Certification launched by the Turkish Standards Institute in 2015, Biznet Bilisim has once again proved its expertise in security audits.

SCADA Systems Penetration Tests

  • Penetration Tests via the Internet: These are audit services in which an organization’s resources accessible via the Internet (DNS, FTP, e-mail, web, firewall etc.) are accessed, optionally with authorized or unauthorized user rights, using various tools and methods to identify known and possible vulnerabilities before attackers do.
  • Penetration Tests via Local Network: Security tests carried out within the local network involve accessing the audited servers and systems from the organization’s local network. These audits include security scans for known vulnerabilities, application security scans that depend on the application type, and system configuration checks.
  • Web Application Penetration Tests: In comparison to other applications, web applications must be handled using more advanced methods because of their complex structure and the diversity and variability of the applications available. The main purpose of web application security tests is to check applications on the Internet/intranet with different user rights, according to the standards defined by OWASP, and to identify vulnerabilities.
  • Breadth-First Security Tests: In these tests, the target of the attack is not a specific system, server or application but the organization itself. In this way, the possible activities of an attacker intending to “hack a specific organization” are simulated.
  • Mobile Application Security Tests: The rapid increase in the use of mobile devices leads to an increased number of applications available for such devices. These applications, developed using different technologies, may contain vulnerabilities just as standard web applications do. These tests make it possible to check applications and systems developed for iPhone and Android mobile devices.
  • Database Systems Security Tests: These tests involve checking Oracle, MSSQL, MySQL, IBM DB2 and PostgreSQL database systems from the perspective of authorized users and identifying elements that may cause security problems.

Load Tests

  • Web Application Load Tests: Load tests on web-based applications aim to show how applications behave under different scenarios and user loads, to identify the maximum and optimum values that the current infrastructure can handle, and thereby to contribute to performance-enhancing precautions and identify the most vulnerable elements of an application.
  • DoS/DDoS Tests: DoS/DDoS tests are performed to see how an organization’s systems behave under different attacks that aim to disable them, and to identify possible configuration errors by measuring the effectiveness of the current precautions. The DDoS tests also simulate DDoS attacks carried out over a botnet, with HTTP requests sent using 1000 different IP addresses.

Security Analysis

  • General Security Situation Analysis (Gap Analysis): These are general analysis services provided by security experts at Biznet Bilisim, who conduct a series of interviews about organizational structure and processes, possible risks, security infrastructure, network and security topology, technologies used, applications, policies and other relevant matters.
  • Network-Based Anomaly Detection: This service is provided to detect performance-based or security-based problems from an unknown source on an organization’s network and communications systems.
  • Wireless Network Security Controls: These include security controls performed on the wireless network systems, and their components, used in an organization’s network.
  • Configuration Control Services for Windows- and UNIX-Based Operating Systems: These are control services that involve security control of Windows- and UNIX-based operating systems, their authorized users and current user settings.
  • Configuration Control Services for Network Equipment: This service involves security control of configuration settings of active/passive network equipment available in an organization’s systems.
  • Firewall Rule Analysis: The main tool used for Internet/intranet security is firewall software or hardware. Today, companies allocate large budgets for firewall systems to protect their investment in critical systems. Any error or failure in the rules defined may lead to undesirable connections to the protected systems. Firewall rule analysis aims to identify possible risks posed by the rules on firewall systems.
  • WAF/IPS Configuration Tests: These tests aim to show how effectively WAF and IPS systems work. To do this, a success rate is calculated by identifying which of the attacks created with tools prepared by Biznet Bilisim experts are prevented by these systems. Solutions are then created for the problems found, in the light of the data obtained, to help the current system operate more effectively.
  • Web-Based Malware Analysis: This analysis involves detection of files in the traffic flow that contain malware through special software planted at certain points in an organization’s network. This analysis aims to detect malicious content in the network traffic flow such as botnet communication traffic, tunneling attempts and malware.

Social Engineering Tests

Social engineering tests are controls aiming to identify vulnerabilities caused by end users and processes used in the organization. Even the most flawless security system may fail due to user errors. Social engineering tests involve assessment of security awareness level of end users to identify vulnerabilities in this aspect.

Source Code Analyses

These services include the examination of applications developed in ASP.NET, Java, C#, C++ and PHP by personnel competent in security software development, using static code analysis methods, and the identification of problems from within the code.

Vulnerability Management System Set-up and Operation

This service includes selection, set-up and configuration of an appropriate tool and its outsourced operation when necessary.