Security testing services

1. TCL Security Testing Services
Enterprise applications are the enterprise’s new security perimeter. TCL’s Security Testing
focuses on detecting application vulnerabilities in order to ensure that only authorized users
are able to access the application and that authorized users are able to access and update
only the information to which they have been granted permission.
Applications require varying levels of security testing depending on the purpose of the
application, the application customer base and the data contained within the application
database. To address client security risk levels associated with unique applications, our
customers have the ability to pick and choose from any of the following service offerings and
customise.
Security Review and Assessment
Security Application Testing
Security Vulnerability Testing
Review and Assessment Overview
Perimeter Review
– Firewalls, Routers, RAS servers, Virtual Private Networks, Wireless LANS
Server Review
– OS hardening, S/W patch currency, active services review, account review
– All IPS visible to internet
Content Management Review
– Web traffic
– Email
– Antivirus / Malware Prevention and Remediation.
Technical Policy Review
– Passwords, Directories, Groups, Accounts
– Access Control
Authentication Review
– Effectiveness of current authentication
– PKI, tokens, smartcards
Intrusion Detection System Review
n
– ID Sensors, Analysis Stations, Burglar Alarms, HIDS and NIDS
– Log analysis and intrusion attempt reporting
Encryption Review.
– Packet encryption, file / data encryption, hard drive encryption
Application Testing
TCL’s Security Testing also verifies that the following application security requirements have
been met.
Uses our requirements based testing methodology
ments
– Develop Test Strategy, Plan and Cases/Scenarios
Application security controls like
– Data Confidentiality, Non Repudiation
– Communication Security and Data Integrity security
– Web Application Security
TCL Security Testing Services v0 Page 1 of 3 Commercial in Confidence
03 KVS 180511 © 2011

2. TCL Security Testing Services
Design/Requirement Impact
– tokenisation architecture, common PCI requirements
Coding standards
– shared variables across threads
Early penetration testing
– automated & manual
Security standards control
– governance of architecture & testing
Vulnerability testing
– inappropriate file permissions
Security compliance reporting
– PCI, DPA
– Sarbanes-Oxley
– Basel II
– Food and Drug Administration (FDA)
– NERC-CIP
– Health Insurance Portability and Accountability Act (HIPAA)
– Federal Information Security Management Act (FISMA)
– Gramm-Leach-Bliley Act (GLBA)
Bliley
– Payment Card Industry Data Security Standard (PCI DSS)
– ISO 27001 / 27002
Vulnerability Testing
Identify network security gaps
entify
Review results of gap analysis report and make recommendations
Implement recommendations.
Benefits
Authentication of a secure environment
Understanding of the current adherence to your Security Policy
TCL Security Testing Services v0 Page 2 of 3 Commercial in Confidence
03 KVS 180511 © 2011

3. TCL Security Testing Services
Awareness of potential inadequacies in security
Improvement of security through design and implementation of secure network
solutions
Protection from damages and financial losses from unwelcome network access
Key Deliverables
TCL security testing services delivers the following outputs:
• Identification of application security vulnerabilities
• Application security vulnerability reports
• Remediation analysis
• Recommendations to assist with the remediation of the vulnerabilities
Contact
K. V. Shashi Kiran
Shashi.kiran@tcl-asia.com
+91 98450 08696
End of Document
TCL Security Testing Services v0 Page 3 of 3 Commercial in Confidence
03 KVS 180511 © 2011