
Security CheckUp

Lostar Security CheckUp for more than penetration tests

How resistant are your information technology systems against potential intrusions via the Internet or the Intranet? What would you do if your IT systems were under an intensive attack? Which of your processes lead to information loss, how much, and how?

The Security CheckUp service portfolio is intended to identify and address security vulnerabilities that companies are unaware of. Similar services are referred to as penetration tests in the market; however, Lostar Security CheckUp is much more than just penetration tests.

Lostar experts will audit your systems from the perspective of an intruder and expose the reliability, risk exposure and accessibility of your systems in case of an attack. Since numerous variables and methods are involved in such attacks, expert security audits are vital; Lostar will provide your company with a high-quality audit service. Furthermore, you can make your information systems more attack-resistant by implementing the measures recommended for your systems in the audit reports.

How Do We Differ from Penetration Tests?

  • We do not just deliver reports to companies; we present the test report to managers and IT experts and discuss the security vulnerabilities with them.
  • In our reports, we address the elements that IT experts and managers consider important.
  • We express the suggested solutions in a clear and understandable fashion, and we additionally provide reference guides that lead step by step from the issue to its solution.
  • We provide the ‘verification test’ free-of-charge along with our Internet Security CheckUp service, whereby system vulnerabilities are rechecked 30 days after report submission.

How Do We Work?

  1. Determine the Audit Content
  2. Establish Audit Methods
  3. Conduct the Audit
  4. Report the Audit
  5. Present the Report

Benefits of the Lostar Security CheckUp service

  • IT Systems with Higher Attack-Resistance
  • Constant Improvement of IT Systems Security

Lostar Security CheckUp Service Portfolio

Lostar Internet Security CheckUp

We examine whether your corporate website is resistant to attacks. We conduct an online audit of your website and your applications from a hacker’s perspective and prepare a report.

Do your systems open to the Internet have adequate security? Could attackers steal your sensitive enterprise information over the Internet and penetrate your network? How resistant are your IT systems against online attacks?

You can find the answers to these questions with the Internet Security CheckUp (External Penetration Test) service.
Internet Security CheckUp service establishes the current security situation (threats, risks) of an organization’s applications and services open to the Internet, provides information about the security measures to be adopted, and helps with their development upon request.

Internet Security CheckUp service is rendered using automated tools of high technical capability, along with manual and creative examinations of specialized Lostar engineers.

Within the scope of this service, we will push the limits of your systems’ security making use of hackers’ methods and tools.

The methodology used during the work is as follows:

  1. Determine the Audit Scope on the Basis of Contacts Held
  2. Analyze Systems
  3. Create and Implement Structural Attack Patterns
  4. Report the Resulting Data and Suggested Solutions
  5. Present the Report
  6. Conduct and Report the Verification Audit

You aim to offer the best service to your clients by maximizing the service quality with the support of information technologies. The accessibility, integrity and confidentiality of your systems are vital. The security of the information technologies used is critical for your organization and your clients.

With the help of the “Internet Security CheckUp” (Internet Penetration Test) service, you can maximize your service quality and offer the best service to your clients.

The scope of this service will be finalized in meetings with you. However, we anticipate the following items to be covered in the service:

  • Passive information gathering
  • Network analysis
  • Port analysis
  • System analysis
  • Gain access to the system
  • Privilege escalation
  • Halt system services
  • Overflow
  • Gain unauthorized access to applications
  • Perform unauthorized processes on applications
  • Social engineering (gather information using The Art of Deception)
  • Risk assessment
  • Ethical hacking of web-based applications

As a result of the Internet Security CheckUp, we will determine the security vulnerabilities in your infrastructure open to the Internet (SQL injection, XSS, default user accounts, lack of updates, etc.). In addition, we will expose the issues resulting from software-related flaws through creative hacking attempts by Lostar experts.

The report resulting from the service covers the following sub-sections:

  • Executive Summary
    • Visual Results
    • Findings by Risk Levels
    • Findings
  • Scope
  • Network Map
  • Technical Findings
  • Conclusion

Following the correction of the report findings, we will perform and report a free-of-charge “Verification Audit” establishing the current status of relevant findings. Based on the verification audit, we will establish whether reported findings were closed or not through improvement efforts.

Key words: software security, security, c# security, sql injection, xss, code injection, penetration, hacking, black box test

Lostar Intranet Security CheckUp

We will examine how secure your local network is. Over the Intranet, we will audit your local network from the perspective of a malicious insider, using his/her methods, and report your vulnerabilities.

Could an intruder on the local network gain unauthorized access to the information on the organization’s infrastructure? Could the information be corrupted? Are changes in information systems logged? Are security measures adopted by system administrators capable of protecting enterprise information? Are systems up-to-date and secure?

You can find the answers to these questions with the Intranet Security CheckUp (Local Area Network Penetration Test – LAN Security Analysis) service.

Intranet Security CheckUp service is intended to establish the current security situation (threats, risks) of an organization’s internal networks, to provide information about the security measures to be adopted, and to help with the development of these security measures upon request. In addition, checking the efficiency of relevant processes falls under the scope of this service.

Our method consists of the following steps:

  1. Determine the Audit Scope
  2. Identify the Audit Methods
  3. Analyze Systems
  4. Hold Contacts with System Administrators and Users
  5. Report the Data Obtained from the Work Along with Suggested Solutions
  6. Present the Report

You aim to offer the best service to your clients by maximizing the service quality with the support of information technologies. The accessibility, integrity and confidentiality of your systems are vital. The security of the information technologies used is critical for your organization and your clients.

With the help of the “Intranet Security CheckUp” (Local Area Network Penetration Test – LAN Security Analysis) service, you can maximize your service quality and offer the best service to your clients.

Scope of Work:

  • Network analysis
  • Port analysis
  • System analysis
  • Attempts to intercept system services
  • Overflow
  • Unauthorized processing on the application
  • Social engineering (gather information using The Art of Deception)
  • Router and firewall rule assessment
  • Wireless network security
  • Data confidentiality and privacy
    • Physical security
    • Physical access controls
    • System room physical security and adequacy checks
    • Security of end user devices
    • Security of printers and network devices
    • Document security
  • Communication security
    • PBX Switchboard
    • Facsimile
    • Voice mail
    • Modem
    • IP phones
    • IP switchboards
    • VPN
    • Network devices (router, switch, IDS, IPS, web application firewall etc.)
  • Process Audit
    • Change Management
    • Incident Management
    • Problem Management
    • Installation/Update
    • Authorization
    • Project Development/Design
    • Purchasing
    • Contract Management
    • Access Management
      • External Access Management
      • Internal Access Management
    • Software Development

Based on the Intranet Security CheckUp, we will identify the security vulnerabilities that your internal infrastructure is known to have (database configurations, domain policies, user password and security policies, firewall rules, default user accounts, lack of updates etc.). In addition, we will reveal the non-technical problems arising from the infrastructure used as a result of creative hacking attempts by Lostar experts.

The report resulting from the service covers the following sub-sections:

  • Executive Summary
    • Visual Results
    • Findings by Risk Levels
    • Findings
  • Scope
  • Network Map
  • Technical Findings
  • Conclusion

Key words: system security, DOS, security, hacking, denial of service, penetration test, attack prevention, password cracking, database audit, firewall audit

Lostar DoS Security CheckUp

We will examine how resistant your website, servers and services are against 'denial of service' (DoS) attacks. We will measure and report your corporate resistance through customized DoS attacks adopting a hacker’s perspective.

Major losses will result if your clients are unable to reach you or if the systems controlling your production are dysfunctional. Are you exposed to such a risk? Could competition render your systems inaccessible in order to capture commercial advantage?

You can find the answers to these questions with the DoS Security CheckUp (DoS Tests – Denial of Service Attacks) service.
DoS Tests are intended to determine whether an organization’s Internet or Intranet infrastructures are resistant to denial of service (DoS) attacks. Lostar experts will carefully perform DoS Tests and the relevant information collection at the client’s site, at mutually agreed times, in order to reduce the probability of damage to existing systems.

We will examine the company’s systems and, drawing on the known DoS attack methods, specifically design the attack tools and scenarios that will be most effective against these systems. We will carry out the attacks at times and on dates when the systems supervised by system administrators are unused or less frequently used, so as to identify the attack methods that expose system vulnerabilities. We will determine the devices on which the effective attack methods create a bottleneck, and the root causes of those bottlenecks. We will present suggested solutions and alternatives that resolve the bottlenecks on the devices.

Our Working Method:

  1. Determine the scope and get information about targets,
  2. Devise the test cases specifically for the infrastructure falling under the scope and submit it for the client’s approval,
  3. Carry out (on site) DoS attacks with the participation and under the supervision of the client’s system administrators,
  4. Study the results of the attacks with the participation and under the supervision of the client’s system administrators and proceed to the next scenario,
  5. Determine the technical reasons for service interruption and/or slowdown in target systems,
  6. Proceed to the next scenario,
  7. Report the data obtained from the work along with suggested solutions,
  8. Present the report.

You aim to offer the best service to your clients by maximizing the service quality with the support of information technologies. The accessibility, integrity and confidentiality of your systems are vital. The security of the information technologies used is critical for your organization and your clients.

With the help of the “DoS Security CheckUp” service, you can maximize your service quality and achieve a high level of security for your systems.

Through the DoS Security Checkup, we will identify the denial of service vulnerabilities that your internal infrastructure has. In addition, we will reveal the non-technical problems arising from the infrastructure used as a result of creative hacking attempts by Lostar experts.

The report resulting from the service will cover the following sub-sections:

  • Executive Summary
    • Visual Results
    • Findings by Risk Levels
    • Findings
  • Scope
  • Technical Findings
  • Conclusion

Key words: system security, DOS, security, DDOS, hacking, denial of service, penetration test, attack prevention

Lostar Application Security CheckUp

How would data and other losses that might result from your internally developed software impact your organization? How do you satisfy the legal and contractual security requirements in relation to your in-house software? Are you taking software security into consideration in your software design and development processes?

You can find the answers to these questions with the Application Security Checkup service.
By rendering the Application Security Checkup service, we aim to examine application source codes through automated and manual methods, conduct security analyses on these codes, audit the platform supporting the application, examine the infrastructure services, and identify potential security violations before they take place. With Application Security Checkup, we will determine any existing or potential security vulnerability in the application layer at its origin and present suggestions for their solution.

Within the frame of our work method, we will do the following:

      1. Determine the Audit Scope,
      2. Hold the Kick-off Meeting with the Software Development Team
        1. Establish the Software Development Language and Infrastructure Use,
        2. Specify the Software Functions,
        3. Review the Software Algorithm and Flow Diagrams,
      3. Analyze Systems,
      4. Contact Application Developers and Analysts,
      5. Review the Source Code Documentation,
      6. Establish Receipt of the Source Code in a Written Report,
      7. Identify Algorithmic and Infrastructural Security Vulnerabilities,
      8. List the Existing Vulnerabilities Regarding the Software Language Used,
      9. Report the Data Obtained from the Works along with Suggested Solutions,
      10. Establish Destruction of the Audit Copy of the Source Code in a Written Report,
      11. Present the Report.

You aim to offer the best service to your clients by maximizing the service quality with the support of information technologies. The accessibility, integrity and confidentiality of your systems are vital. The security of the information technologies used is critical for your organization and your clients.

With the help of the “Application Code Security CheckUp” service (application security), you can maximize your service quality and bring the applications you provide to a high level of security.

Through the Application Security Checkup, we will identify the security vulnerabilities that your internal infrastructure is known to have (code injection, secure storing methods, resource management, log management etc.). In addition, we will reveal the non-technical problems arising from the application development infrastructure used as a result of creative hacking attempts by Lostar experts.

The report resulting from the service covers the following sub-sections:

  • Executive Summary
    • Visual Results
    • Findings by Risk Levels
    • Findings
  • Scope
  • Technical Findings
  • Conclusion

Key words: software security, code review, security, c# security, sql injection, xss, code injection

Lostar Process Security CheckUp

We will examine whether you are aware of risks that might result from your business processes. Through contacts with your business and technology units, we will reveal security risks that may originate from your business processes. We will report the results in detail, along with our suggested solutions.

Is the information in the organization’s infrastructure susceptible to unauthorized access? Could the information become corrupted? Are changes made in information systems logged? Are security measures adopted by system administrators capable of protecting enterprise information? Do they uphold the confidentiality, integrity and availability principles for your enterprise information? Are your corporate processes independent from one another and self-managing?

You can find the answers to these questions with the Process Security CheckUp.
The Process Security CheckUp is intended to audit the processes carried out by the company and to produce outputs that will increase the security level of these processes.

The method used can be summarized as follows:

  1. Determine the Audit Scope
  2. Set the Audit Methods
  3. Contact the Individuals Involved in the Process and Examine the Methods Used by Them
  4. Expose Improvement Areas and Create Suggestions
  5. Collect Evidence and Questions in Line with the Demand Received During Contacts
  6. Examine Security Vulnerabilities
  7. Report the Data Obtained and Suggested Solutions
  8. Submit the Report

You aim to offer the best service to your clients by maximizing the service quality with the support of information technologies. The accessibility, integrity and confidentiality of your systems are vital. The security of information technologies used is critical for your organization and your clients.

With the help of Process Security CheckUp, you can maximize your service quality and offer the best service to your clients.

Scope of Work:

      • Change Management
      • Incident Management
      • Problem Management
      • Installation/Update
      • Authorization
      • Project Development/Design
      • Purchasing
      • Contract Management
      • Access Management
        • External Access Management
        • Internal Access Management
      • Antivirus Management
      • Electronic Media Management

Through Process Security CheckUp, we will identify the problems in your corporate processes.
The report resulting from the service covers the following sub-sections:

      • Executive Summary
        • Visual Results
        • Findings by Risk Levels
        • Findings
      • Scope
      • Process Flow Diagrams
      • Technical Findings
      • Conclusion

Key words: CobiT, security, IT consultancy, risk analysis, risk management