OFFENSIVE SECURITY

OFFENSIVE SECURITY

 

 A broad and experienced attack team which brings with it understanding of the attacker and current knowledge in the methods used by hackers.

At the BDO Cybersecurity Center in the field of offensive services in Israel and abroad, clients can be found in all sectors of the industry, including hi-tech companies, government agencies, health bodies, banks and start-ups.

  • Red-Team Attack Simulations - examination of the physical, technological and human space in the organization.
  • Application Security – Penetration testing for application systems on all platforms (Web, Mobile, Client-Server, API’s, etc.) in various methodologies – BlackBox, WhiteBox, GrayBox in accordance with OWASP.

Our tests focus on discovering weaknesses both at the technological and business levels by uncovering application logical failures that enable an attacker to reach his target.

  • Code Review – Conducting source code reviews by a team of information security experts, using well known tools and proprietary techniques, with the goal of finding information security coding failures in the early stages of development
  • Internal and External Infrastructure Penetration Testing – the purpose of the tests is to simulate the penetration of an attacker from the internet from outside of the organization, as well as from the internal organizational network, thereby identifying existing vulnerabilities.
  • Architecture design and review. – Guiding developers in the process of building a new product.
  • Penetration Testing of IoT and Embedded Devices – conduct an in-depth security assessment to identify logical and physical security threats to devices.
  • Increasing employee security awareness – Performing simulated attacks as part of a campaign to raise awareness among the organization’s employees. This is performed using a variety of techniques, such as phishing simulation, social engineering etc.
  • Cyber Forensics – Investigation of cyber and information security events in the organization, with the aim of identifying the source of the attack and advising on future defensive measures.
  • Developer Training – our team consists of experts with extensive software development background, providing an advantage in guiding developers in terms of background on possible application attacks, raising their awareness of risks and increasing their secure programming knowledge.