Page 1: Aksit profile final
AKS IT Services

Established in 2006

Providing services in the domain of Information Security, comprising:

• Consultancy
• Compliance
• Network Security
• Application Security
• Cyber Forensics
• IT Security Training

Qualified, Certified Consultants

Six years, more than 1250 Web Application Security Audits

Our Services

How We Help Our Clients

• Consulting and Compliance
  – Security Consulting & Implementation
  – Information Risk Management
  – ISO 27001:2005 Implementation
  – ISO-22301 Implementation
  – Incident Handling
  – Compliance With Various Guidelines

• Security Auditing
  – Network Security Audit
  – Vulnerability Assessment & Penetration Testing
  – Web Application Audit
  – Mobile Application Audit

How We Help Our Clients

• Cyber Forensics
  – Media Forensics
  – Network Forensics
  – Machine / Mobile Forensics
  – Cyber Crime Investigation
  – Fraud Investigation

• Corporate Training
  – Security Awareness Training
  – Cyber Forensics Training
  – BCP/DR Workshop
  – Preparatory courses for CISSP & CISA Certification

A few of the organizations we are empanelled with:

• Indian Computer Emergency Response Team (CERT-In)
• Controller of Certifying Authorities (CCA)
• Indian Air Force
• National Technical Research Organization
• National Informatics Centre
• Indian Army

Vulnerability Assessment & Penetration testing

Vulnerability Assessment

• Identify and understand the existing vulnerabilities
• Scan the targeted network(s) and host(s), based on the defined scan policy
• Collect the scan results and analyze for security loopholes, configuration errors, default installation settings, overlooked setups, password quality, firmware/software revisions, patch fixes, security policy violations etc.

Penetration Testing

• Testing and validation of detected vulnerabilities
• Provides independent analysis of your network to locate all exploitable vulnerabilities
• Advise on the most effective solutions to secure network

Configuration Audit

• Study and analyze the Servers, Network Devices and Security Devices' roles and configuration through configuration audit.
• Understand and evaluate the loopholes in the configuration, if any.
• Facilitate in hardening of information systems.

Network Performance Testing

• Evaluate the Bottlenecks, Protocol Utilisation, Broadcasting and Network Error in the network, identify their remedial solutions and recommend implementation of the same to mitigate identified errors.
• Recommendations for Error free Network design.
• Top Ten Interfaces showing more bandwidth and protocol utilisation.

GAP Analysis

Our processes and methodology are benchmarked against industry best practices and established standards. In this phase, a thorough security assessment will be carried out with two goals in mind: identifying the present “As-Is” status vis-à-vis the desired benchmark, and their impact on Information Security. The ambit of this includes:

• Administrative Security
• Physical Security
• Logical Security
• Processing Security
• Business Continuity Management (BCM)
• Identify gaps in the existing controls

Web Application Security Testing

The standard used for Web Application Security Testing is OWASP (Open Web Application Security Project). OWASP 2010 represents a broad consensus about what the most critical application security flaws are.

OWASP 2010

1. Injection Flaws
2. Cross Site Scripting (XSS)
3. Broken Authentication and Session Management
4. Insecure Direct Object Reference
5. Cross Site Request Forgery
6. Security Misconfiguration
7. Insecure Cryptographic Storage
8. Failure to Restrict URL Access
9. Insufficient Transport Layer Protection
10. Unvalidated Redirects and Forwards

Methodology

• Understand the scope and purpose of the Website. Review the Web Application structure and specifications so as to understand the basic design of the Website.

• For the Web Application under review, identify, document and understand the "high value objects" that a malicious attacker would seek to steal or exploit (e.g., user IDs, customer data, passwords).

• Devise attacks or methods using proprietary AKS IT© techniques to obtain the desired data objects.

• Once Web Application security is handled, check if a valid/invalid user can use the Web Application in a manner so as to subvert the underlying security model of the system.

• Various attacks are devised on each component and then relevant vulnerabilities are demonstrated.

Our Range of Products

Core Impact – The most comprehensive penetration testing solution for assessing and testing critical security vulnerabilities throughout the organization.

Immunity Canvas – Canvas is a trusted security assessment tool that allows penetration testing and hostile attack simulations to be conducted by security professionals. Canvas offers a level of exploit quality, availability, and real-world use unparalleled by any competitors.

Metasploit – It is a solution for security professionals in enterprise, government & consulting firms who need to reduce costs by making network security testing more effective & efficient. Metasploit Pro improves the efficiency of the penetration testers by providing unrestricted remote network access and enabling teams to efficiently collaborate.

Nexpose - It is a vulnerability assessment, policy compliance and remediation management solution designed for organizations with large networks which require the highest levels of scalability, performance, customizability and deployment flexibility.

Nessus - It is the industry’s most widely-deployed vulnerability and configuration assessment product. Nessus features are high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture.

Acunetix - Acunetix web vulnerability scanner is a tool designed to discover security holes in your web applications that an attacker would likely abuse to gain illicit access to your systems and data. The application can be used to perform scanning for web and application vulnerabilities and to perform penetration testing against the identified issues.

Forensic Products

Mobile Forensics

Oxygen Forensic Suite – It is mobile forensic software that goes beyond standard logical analysis of cell phones, smartphones and tablets. Use of advanced proprietary protocols and phone APIs makes it possible to pull much more data than can be extracted by forensic tools utilizing standard logical protocols, especially for smartphones.

Susteen Secure View 3 - It provides affluent data to the mobile phone forensic investigator or instructor with the foundation for law enforcement, military/civil, consultant, corporate, and education institutions to perform advanced, proficient mobile device investigations in corporate IT, security, or criminal situations.

Paraben’s Device Seizure - Device Seizure is designed to allow investigators to acquire the data contained on cell/mobile phones, smartphones, tablets, GPS, iPhones/iPads/iPod Touch/iPods, and PDA devices without affecting data integrity. With mobile phones, it is designed to retrieve data such as phone numbers, SMS, pictures, call history, and full data dumps.

Computer Forensic

TD2 - This second-generation product was engineered for standalone forensic acquisitions in both field and lab settings, natively imaging both SATA and IDE/PATA hard drives at drive-limited speeds up to 9GB/min, in a 1:1 or a 1:2 (aka, “twinning”) configuration. One can image SAS and USB storage devices with TD2 by using the Tableau Protocol Modules.

EnCase - It is an investigation solution for forensic practitioners who need to conduct efficient, forensically sound data collection and investigations using a repeatable and defensible process.

P2 Commander - It is a computer forensic solution for examiners who need affordable, reliable digital analysis for computer investigations. Built to process large volumes of data in a fast and efficient manner, P2 Commander is known for its advanced email and chat log analysis.

Continue…

Network E-mail Examiner – Paraben’s Network E-mail Examiner is an advanced network email archive analysis and conversion tool. Examine Microsoft Exchange (EDB), Lotus Notes (NSF), and GroupWise e-mail stores without the need for a long and painstaking restore process. Analyze, search, and report on pertinent data within the email database and export to many mail formats including PST. 

Chat & Email Examiner – Paraben’s Chat Examiner is another specialized component of Paraben's P2 Forensic Collection that adds one more powerful program to your toolkit. Whether your case has ICQ, Yahoo, MSN, Trillian, Skype, Hello, or Miranda you'll be able to handle whatever comes

Passware Kit Forensic - This advanced password recovery suite allows you to recover more passwords, from more programs, in a shorter amount of time using many different methods including the advanced Xieve™ attack method, distributed computing, and live memory acquisition.

Forensic Workstation

AKS IT provides customized forensic workstations as per the requirements of our customers. They can be of 2 types:

• A forensic workstation that one can set up in their lab itself.

• A forensic laptop which we can carry to the crime spot for acquisition and analysis of data. It comes in a rugged carrying case.

Some of our Clients

ALSTOM, Andhra Pradesh Technology Services Ltd (APTS), Bharti Airtel, Central Board of Secondary Education (CBSE), Ericsson, General Insurance Corporation, HCL, Indian Railways, National Informatics Centre (NIC), NTPC, Ranbaxy, TCS, WIPRO... and many more

Thank You

AKS IT SERVICES (P) Ltd.
E-52, Sector-3, Noida, 201301