Cyber Security Advisory Services
- Evaluation and Product Fit Report
- Design & Implementation Documents
- Architecture Diagrams
- Standard Operating Procedures and Play Books
- User Guides and Install Guides
- Validation and Testing Documentation
Help in the Design, Architecture and Deployment of Security Products and Solutions.
Security Product Evaluations
Perform proof-of-concept activities to evaluate product fit against the organization's requirements.
Validation and Testing
Our projects make us proud
Our Best Services
Infrastructure Risk Assessment
Application Risk Assessment
Some Case Studies and Customer Success Stories
Case Study on Cloud Infrastructure Security
Financial Organization
A Fintech startup requested a configuration review of their AWS cloud environment.
- We observed multiple issues within their cloud due to misconfiguration by their developers and cloud engineers.
- Unrestricted inbound access to their environment from outside due to Network ACLs and Security Groups misconfigurations
- Unrestricted outbound access from their environment
- Data is not encrypted at rest on their EBS volumes
- Backup snapshots are not found
- Authentication issues of their APIs are observed in CloudTrail logs
- Performance alerts are observed in CloudWatch
- Certain necessary services that track configuration issues are not enabled
Case Study on HackView LENS
Retail Organization
A retail startup requested Brand Monitoring of their organization from an external perspective.
- Passwords are leaked and found on the dark web
- Old SSL/TLS versions are found on some applications
- Insecure software versions are being used
- Weak SSL ciphers are observed
- Compromised email IDs
- Leaked code in GitHub repositories
- Anonymous discussions on social media
- Exposed network ports
Case Study on Security Risk Assessment
Product Based Organization
A Fintech startup requested a configuration review of their AWS cloud environment.
- Unnecessary services are enabled on their servers
- Passwords are not encrypted at rest
- Logging is not enabled on critical services
- There is no authentication on APIs when integrating with other systems and applications
- Production, QA and Development environments have unrestricted network and application access
- Test data from development environment is observed on production systems
- Administrator access was provided to developers
- Default passwords are not changed on the applications
- Password policy was not met according to standards
- Lack of SSL certificates on some services
In many organizations, Cyber Security Risk is evaluated in silos. Assessing risk in silos does not give a full perspective of the risk associated with an application, because the risk is interdependent on various factors. It has to be looked at holistically, by correlating the risks from multiple sources and the dependencies between them.
We at CST would like to change that paradigm by correlating the issues from various inputs and using our intelligent methodology to provide a holistic risk view of your applications and of your environment as a whole.