Services

Penetration Testing

Here, at SPaWn Corp, we believe offense is the best defense. Using our offensive methodology, we help organizations identify their weaknesses by simply hacking them. This enables organizations to understand their flaws, prioritize vulnerabilities and minimize risks associated with IT assets.
We use a variety of tools for information gathering, vulnerability identification and exploitation. Automated scans are good at finding known and common vulnerabilities; to go beyond them, during engagements we develop our own scripts and attacks for finding complex security issues and application-specific flaws. We also use our own risk rating scale to rank and prioritize the identified vulnerabilities.
Our methodology does include exploitation, but due to its disruptive nature some clients may elect to omit this phase and have only a vulnerability assessment performed. For clients that require a proof of concept, we exploit the vulnerabilities once the initial findings are verified, and the exploitation serves as proof.
Our pentesting services include:
  • External Penetration Testing
  • Internal Penetration Testing
  • Application Penetration Testing
  • Mobile App Penetration Testing
  • Social Engineering Campaigns
  • Physical Penetration Testing
  • Vulnerability Scanning

Audit and Compliance

We, at SPaWn Corp, carry out comprehensive and detailed audits and reviews through an examination of the management controls within an information technology infrastructure. This is done by gathering and evaluating evidence to check whether the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals and objectives.
We also assist in streamlining compliance with respect to information technology, which can be viewed as an added value to the business, where risk is mitigated, efficiency is enhanced, and external audit costs are reduced.
Our audit and compliance services include:
  • PCI DSS Compliance Program
  • Call Centre PCI Compliance
  • PA DSS Compliance Program
  • P2PE Solution
  • PCI Compliance Readiness
  • Payment Systems Security Audit
  • InfoSec Compliance
  • NFC Security Assessment
  • Risk Assessment
  • IT Controls Audit

Secure Code Review

The practice of security code review helps software development teams find code bugs early in their development cycle. A good code review methodology using automated analysis and manual inspection helps organizations remediate many vulnerabilities before the software is fully developed.
We perform security code reviews using multiple automated tools, including static and dynamic testing tools, as well as manual inspection. Studies have shown that even if a software team uses all the static analysis tools available on the market today, their combined results can identify only roughly 40 percent of the security bugs within an application.
Therefore, we at SPaWn Corp do not rely only on the outputs of automated tools, but validate and manually inspect the code to overcome their limitations. By applying our prior experience and our knowledge of business logic and of use and abuse cases, we can reduce the likelihood of false positives and false negatives. However, manual methods are labor intensive and expensive.
Our approach of automated reviews combined with manual inspection enables us to identify security vulnerabilities in an efficient and cost-effective manner.

Digital Forensics and Breach Assessment

During the past few years, cyber-attacks have continued to evolve in both scope and sophistication, and threats of breach for organizations are always present. For many companies, it is a struggle to understand whether a breach is actively going on or if it has happened in the past. A security breach can occur in a number of ways, whether through a disgruntled employee, a hacker, a malicious insider or a full-scale malware phishing campaign.
SPaWn Corp breach assessment and digital forensics services focus on the core areas of servers, endpoints and network devices to determine whether a breach has occurred within the infrastructure. We analyze the traffic from components of those key areas and, with manual inspection as well as forensics techniques, determine the active behavior or dormant presence of malware, rootkits or backdoors in the organization.
To ensure that our clients sustain minimal damage after a breach, we prepare an investigative report that can be used for insurance claims, and also assist our clients as an expert witness for litigation support in a court of law.

Deliverables

A consolidated e-report is what you get on completion of the work. It will include an analysis of the current-state baseline of the assessed entity and the future process model that needs to be adopted to attain an adequate level of assurance.
For managerial staff, high-level sections in the e-report will include:
  • Purpose of the engagement
  • Scope and approach of the project
  • Security controls identified
  • Risk mitigation strategy to avoid recurrence of the issue
For technical staff, detailed sections in the e-report will include:
  • Sufficient appropriate pictorial evidence
  • Technical description of the issue
  • Recommendation for remediation of the weakness