We deliver a full range of security assessment services
Security technology is increasingly powerful, but it is not sufficient unless it is controlled by highly skilled security experts. At Emaze, we strive to combine top-notch technology and applications with professional experience. To minimise exposure, we only use our own employees to perform ethical hacking services.
We simulate cyber attacks to help organisations anticipate risks and up their security game. We perform penetration tests (PT) on a regular basis for some of our clients or as a one-off 4-week project.
Through Penetration Tests we deliver a snapshot of the security level of our clients and help them evaluate the impact of vulnerabilities on their business. Finally, we guide them through a remediation strategy for the identified vulnerabilities.
We operate in several modes: Black Box, Grey Box or White Box. In all three modes, we scan for systems that have not been updated, identify weak user credentials, try to gain domain admin access, exploit vulnerabilities in connected devices, and use insufficient network protection to prove that data could be extracted.
Penetration Testing activities can have a wide scope throughout the organisation or target specific items such as web applications (WAPT), mobile applications (MAPT), network & infrastructure, wireless networks, embedded systems or IoT (Internet of Things).
Our Penetration Testing services include management and technical reports which will list weighted risk levels, highlight vulnerabilities, estimate consequences and recommend solutions.
Our Emaze approach to Penetration Testing will improve your security position. It will help you spot which critical assets are at risk and identify information security weaknesses before attackers do.
We perform Secure Code Analysis. Through the years we have delivered regular in-depth security analysis of the application source code for our most sophisticated clients.
We have developed singular know-how in identifying security vulnerabilities in application source code.
Our Emaze “Code Review Activities” allow us to highlight critical issues in several areas of our clients' source code, such as authentication, authorization, input validation, encryption, race conditions, use of vulnerable components and security misconfiguration.
Finally, we not only identify security vulnerabilities in source code, but are also specialists in discovering hidden backdoors or business logic errors.
Security checks, weakness alerts and threat detection are not worth much if the people in the organisation are not informed and aligned with new security principles.
Often, employees are the weak link. Therefore, we also help our clients organise internal awareness campaigns through cyber security training sessions.
We operate in a train-the-trainers mode. We design specific practical and theoretical training sessions for the management of the company.
We deliver customised scenario exercises against insecure mobile device usage, a casual BYOD approach, phishing emails and/or websites, and malicious USB devices.
Training subjects include ROI of hacking for C-level and top management, as well as “security conscious professional behaviour” and secure development procedures.
PCI-DSS compliance checks
We are PCI ASV (Approved Scanning Vendor) certified. As such, we deliver PCI DSS (Data Security Standard) related services: quarterly PCI ASV scans (VA&PT), PCI Gap Analysis, and support with compiling the PCI SAQ.
Emaze won a tender against 17 players for a top 3 EU rail operator. The shortlist included 5 leading security players.
The client has revenues of EUR 8B and over 70,000 employees.
The tender included the test and hardening of rail systems for a duration of 3+1 years (2012-2016), for a contract value of EUR 0.5m per year.
- penetration testing
- code audit
- project management
- network infrastructure
- operating platforms
- on-board train systems