Soteria Health Check

Soteria’s Health Check is an efficient means of evaluating your organisation’s current security profile against recognised security risks.

Vulnerability Assessment

We use third-party tools such as Nmap and Nessus to perform vulnerability tests that reveal open ports and accessible services which could be exploited by hackers.

Access Control

We scrutinise user and system accounts, looking for excessive or accumulated privileges, default passwords and poor password maintenance etiquette. We also use applications like Websecurify and Nikto to identify vulnerabilities in web servers.

Patch Management

We examine the security patch management of your SAP® systems, looking for any important omissions. We likewise examine the patching of your network and client-based anti-virus software.

Attack Vector Review

We review the most common prevailing web-enabled cyber-attack vectors, as categorised by the OWASP Top Ten, and examine your organisation’s defence profile against each attack type, e.g. injection, XSS, CSRF, buffer overflows and man-in-the-middle.

Penetration Testing

Where requested, we can use programs such as Wireshark, Dsniff and Metasploit as part of a network penetration test to highlight unencrypted data which may be sniffed over your networks. We reveal security vulnerabilities at the operating system, database, routers / switches / firewalls, and telephony & VoIP levels, as well as highlighting any IDS and IPS evasion loopholes. We can also pen test at the application level, looking for SAP®-specific rootkits, backdoors and coding vulnerabilities. Tools like Medusa and Hydra can be used (where expressly requested) to crack SAP® passwords and gain access, depending on the remit and scope of the pen test.

A typical Soteria Health Check that does not involve penetration testing is conducted in 8-10 days, and you will be presented with a comprehensive Soteria Health Check report at the end of that period. For a Soteria Health Check involving penetration testing, much will depend on the scope and remit of the pen test. Please contact us to discuss options.