Cybersecurity
Get your security down to a science with our expert cybersecurity consultants.
Web application testing measures the security posture of your website and/or custom developed application. TCM Security performs full unauthenticated and authenticated testing based on strict OWASP guidelines. Our engineers focus on identifying weak points across the entire web application to ensure your applications and data stay safe.
Testing activities include hunting OWASP Top 10 Vulnerabilities, website mapping and enumeration, testing for injection attacks (SQL, JavaScript, LDAP, etc.), testing for remote code execution, malicious file upload abuse testing, and more.
An external penetration test emulates the role of an attacker attempting to gain access to an internal network without internal resources or inside knowledge. A TCM Security engineer attempts to gather sensitive information through open-source intelligence (OSINT), including employee information, historical breached passwords, and more that can be leveraged against external systems to gain internal network access. The engineer also performs scanning and enumeration to identify potential vulnerabilities in hopes of exploitation.
An internal penetration test emulates the role of an attacker from inside the network. A TCM Security engineer will scan the network to identify potential host vulnerabilities. The engineer will also perform common and advanced internal network attacks, such as: LLMNR/NBT-NS poisoning and other man- in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket, and more. The engineer will seek to gain access to hosts through lateral movement, compromise domain user and admin accounts, and exfiltrate sensitive data.
Sometimes, your organization doesn’t fit into “off the rack” assessments and that’s okay. We’re here to tailor to you and be a perfect fit. If you’re seeking security consulting that’s not listed here, please contact us and let us know how we can help.
CYBERSECURITY TRAINING
a comprehensive training package that helps organizations understand the importance and need for security awareness training in the workplace.
This training package explains the importance of having a security awareness training program, and provides a step by step guide on how to implement one.