Security Assessments

The Manisec Corporation provides a variety of security assessment services.  Most assessments can be conducted from the perspective of an outside threat, an insider with elevated access to infromation assets, or a hybrid engagement covering multiple attacker perspectives.  Work can be conducted with anywhere from very little information provided to the analysts (black box testing to emulate the steps an external attacker without privileged access to client information) to full information including system configurations and application source code for review and use in the testing and analysis.

Our most popular assessment service offerings include:

Security Posture Overviews:  Manisec will review an organization's overall information security posture by reviewing policy documents, network diagrams, Active Directory architecture and GPOs, and firewall and security system designs and configurations in order to assess and report on the overall security posture and preparedness of the target organization

Network Security Assessments:  Manisec will map out in scope networks and probe any available services in attempt to discover and document any vulnerabilities present.

Web Application Security Assessments:  Manisec provides multiple services to help identify and mitigate risks prevalent in many web applications.  The migration of business systems to web applications using both available tools and subsystems, as well as custom bespoke code from various sources, has led to explosive growth in the targeting and exploitation of these applications.  By their very nature they're accessible (be it internally or by the internet at large), and they perform business critical functions interacting with equally critical business data.  Manisec offers everything from black box web application engagements from an outsider's perspective to white box testing where the testers review source code, leverage provided login credentials, etc. and everywhere in between.  This allows clients to determine the scenarios they want tested and how timeframe and depth of analysis the assessors will employ in order to unveil risks within the target application.

Wireless Assessments:  Manisec will perform a site survey, examining an organization's wireless infrastructure as seen over the air.  In addition, Manisec will review the overall wireless architecture and review wireless device configurations to insure a secure deployment.

Penetration Testing:  Manisec offers deeper testing, beyond simple identification of potential vulnerabilites, in the form of penetration testing.  These services validate potential security issues as well as potentially exposing additional attack surfaces, often only visible from a compromised "foothold" system(s) within the environment.  Full details of successful exploitation and how any access gained was able to be further leveraged against the target organization are provided, in addition to thorough mitigation plans to help address identified risks.

Social Engineering:  Manisec can help validate the effectiveness of personnel training and awareness efforts by testing one of today's most prevalent attack organization's own employees.

Customized Engagements:  Manisec can custom tailor services to meet the individual assessment needs of its clients.