The quality of Security Assessment is more important to us and more meaningful to you. Based in Singapore, we focus more on the quality of the works.
Security issues are classified into Critical, High, Moderate and Low risk findings. Besides detailed security report with finding descriptions, proofs and recommendation, we could advise you how to fix and mitigate the security issues.
1. Penetration Testing (PT)
After Vulnerability Assessment, Penetration Testing will further help you to understand fully how your websites, mobile applications, operating systems and networks could be exploited using hackers’ techniques
| No. | Item | Description | Unit | Item Price |
|---|---|---|---|---|
| 1 | Web Penetration Testing (Web PT) | Security researchers to manually reveal security vulnerabilities in web sites. Detail security assessment report will be given. - Testing type: Grey-box - Penetration testing in both auto and manual modes - Reports with detail findings, proofs and recommendation. - Follow OWASP Web Top 10 Standard - Malicious Input Checks - Session Violation checks - Access Control Security Analysis - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing. | 01 website | Contact us for pricing |
| 2 | Mobile Penetration Testing (Mobile PT): iOS app OR Android app | Security researchers to manually reveal security vulnerabilities in iOS and Android applications. Detail security assessment report will be given. - Testing type: Grey-box - Penetration testing in manual and auto modes - Reports with detail findings, proofs and recommendation. - Follow OWASP Mobile Top 10 Standard - Dynamic Runtime Analysis (Debugging, Memory analysis, IPC mechanisms and app components) - Network Analysis (Certificate pinning, …) - Static Analysis (Reverse Engineering) - Fuzzing APIs called from own mobile apps. - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing. | 01 app | Contact us for pricing |
2. Vulnerability Assessment (VA)
Vulnerability Assessment is often a starting point in cyber security tests. Your websites, operating systems and networks will be scanned for known and common vulnerabilities.
| No. | Item | Description | Unit | Item Price |
|---|---|---|---|---|
| 1 | Web Vulnerability Assessment (Web VA) | Vulnerability scans use automated tools, with some manual support, to identify known weaknesses in a target enterprise. - Testing type: Grey-box - Reports with detail findings, proofs and recommendation. - Follow OWASP Mobile Top 10 Standard - Injection - Broken Authentication and Session Management - Cross-Site Scripting - Insecure Direct Object References - Security Misconfiguration - Sensitive Data Exposure - Missing Function Level Access Control - Cross Site Request Forgery (CSRF) - Using Components with Known Vulnerabilities - Unvalidated Redirects and Forwards - Testing to be done in Staging or Production environment - 2 tests and reports performed: before and after defect fixing. | 01 website | Contact us for pricing |
| 2 | OS Vulnerability Assessment (OS VA) | Security researchers to use IBM Acunetix, Rapid 7 Nexpose and Tenable Nessus to scan for security vulnerabilities in operating systems and networks. - Testing type: External Grey-box / Black-box - Automatic scan for vulnerabilities by security tools. - Reports with detail findings, proofs and recommendation. - Testing to be done in staging or production environment - 2 tests and reports performed: before and after defect fixing. | 1 block of 5 IPs | Contact us for pricing |
3. Source Code Review
Source code review is the process of auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places.
| No. | Item | Description | Unit | Item Price |
|---|---|---|---|---|
| 1 | Source Code Review | Security experts in software and security team manually review source code for security holes. Detailed reports will be provided. - Testing type: White-box - Source code review in both auto and manual modes - Reports with detail findings, proofs and recommendation. - Testing to be verified with live system in staging or produciton environment - 2 tests and reports performed: before and after defect fixing. | 01 website | Contact us for pricing |
Contact Us
Email us at info@mkcybersecurity.com or call us at +65 6707 3597 for more information.
