Hacker4Lease - IT Security Services » Services

Custom or Packaged Services

lior — Wed, 17 Mar 2010 13:31:53 +0000

We offer a variety of services designed to fit your unique requirements. While we have packed up some predefined offerings, we also would be happy to customize a package for you. Let’s get connected and discuss your security concerns and we can share our experience with you as well. Then we can work together to make sure that you have the right mix to protect your business and your assets. There’s nothing worse than downtime combined with destroyed or exploited assets for a business. Let us help you take the steps to prevent that possibility. Contact us today.

Vulnerability Assessment – Silver Package

lior — Thu, 31 Dec 2009 03:18:52 +0000

Server Vulnerability testing using an automated tool

Black box testing using hacking tools

The web application vulnerability assessment service is the most basic service available, but also one of the best. The vulnerability scan will provide you the exact picture a hacker sees of your website/application and web server.

1Which tools are going to be used?

This question is difficult to answer for many reasons. My arsenal consists of more then 100 different hacking tools. Each one of them can be used against different targets and in some case, a combination of a few tools is necessary, some of which are commercial and some my own private hacking tools.

2How it works?

The test can take place on any day and at any hour you like. Usually, the best time to take the test is when the application is not busy and no maintenance work is scheduled.

As a certified hacker, I will use the most up to date knowledge and actual tools that hackers use, so you will get the best picture possible of your level of security.

Once the test is done, i will analyze the results and produce a detailed report of all the vulnerabilities found and how to mitigate them (vulnerabilities found and solution per vulnerability) .

3How will the vulnerability test affect my application and service?

As a basic understanding, you must realize that your application and server are going to be attacked by hacking tools, exactly the same as a real hacker would use. The only difference is that during the vulnerability and penetration test, i will not attempt to do any damage. Usually those tools will not cause any problem if they are being used by a professional, but there is also the unknown factor that relates to the web server and application condition in the time of the test. The worst damage that I have seen so far is from a web server that needed to reboot or services that were turned off, but the law and my own integrity requires me to inform you that anything can happen and you must be prepared for it.

From the other side, if your application and web server are in bad condition, it is better that you know about it when you are ready for it and not when a hacker runs the same tools and surprises you.

4Any preparations prior the test?

Usually i recommend having an up to date backup of the application files, database and web server, which should be available by default, every day. Besides that, if you have a system administrator in charge, he should be notified about this test and be available during the test.

The idea is not to change the existing working environment or the applications, it is to have the proper resources available in case that unwanted error occurs during the test.

5How accurate is the test?

Vulnerability assessment is less accurate then a penetration test, but it is also less intrusive and much cheaper than a penetration test.

The only way to determine if a vulnerability found during the test is real, is by testing it manually and trying to exploit it, which is essentially what a penetration test is.

6How often do i need to run the test?

It is recommended to run a new test every 3-4 months, and every time the web server and/or application has undergone a significant change. The intervals are related to the fact that new vulnerabilities are being found every day, and running the test helps in figuring out if your web server or application is exposed to them.

Vulnerability Assessment – Gold Package

lior — Thu, 31 Dec 2009 03:53:24 +0000

Server Vulnerability testing using automated tools and Manual Hacking techniques

black box testing using hacking tools + manual hacking techniques

This is an upgraded version of the web application vulnerability assessment service. By adding some hacking experience to the hacking tools I am using, I can increase the amount of potential vulnerabilities i can find, making this a definite upgrade on the basic service.

The vulnerability scan will provide you the exact picture of how an intermediate hacker sees your website/application and web server.

1Which tools and attacks are going to be launched?

2How it works?

The test can take place on any day and at any hour you like. Usually, the best time to take the test is when the application is not busy and no maintenance work is scheduled.

As a certified (ethical) hacker, I will use the most up to date knowledge and actual tools that hackers use, so you will get the best picture possible of your level of security.

Once the test is done, i will analyze the results and produce a detailed report of all the vulnerabilities found and how to mitigate them (vulnerabilities found and solution per vulnerability).

3How will the vulnerability test affect my application and service?

As a basic understanding, you must realize that your application and server are going to be attacked by hacking tools, exactly the same as a real hacker would use. The only difference is that during the vulnerability and penetration test, i will not attempt to do any damage. Usually those tools will not cause any problem if they are being used by a professional, but there is also the unknown factor that relates to the web server and application condition in the time of the test. The law and my own integrity requires me to inform you that anything can happen and you must be prepared for it. From the other side, if your application and web server are in bad condition, it is better that you know about it when you are ready for it and not when a hacker runs the same tools and surprises you by stealing your data or taking your operation down.

4Any preparations prior the test?

The idea is not to change the existing working environment or the applications, it is to have the proper resources available in case that unwanted error occurs during the test.

5How accurate is the test?

Vulnerability assessment is less accurate then a penetration test, but it is also less intrusive and much cheaper than a penetration test.

The only way to determine if a vulnerability found during the test is real, is by testing it manually and trying to exploit it, which is essentially what a penetration test is.

6How often do i need to run the test?

Vulnerability Assessment – Platinum Package

lior — Thu, 31 Dec 2009 03:59:19 +0000

Server Vulnerability testing using automated tools and Manual Hacking techniques and a Penetration Test

The combination of a manual and tools vulnerability assessment and a penetration test will provide you with the most accurate results possible. The main difference between the Platinum test and the other tests is that you will not only get a list of the vulnerabilities found which can be false positive, you will also be able to see which vulnerabilities i was able to exploit. This will show you the most up to date security status of your network, server and application.

1Which tools are going to be used?

This question is difficult to answer for many reasons. My hacking tools arsenal has more then 100 different components. Each one of them can be used against different targets and in some cases I use combinations of a few different tools, some of which are commercial and some my own private hacking tools.
During the penetration test, i will use existing exploits available on-line and other commercial exploits available as professional hacking tools.

2How it works?

The most common question I get regarding the process is if I will try to exploit all the vulnerabilities found, and the answer is no. There are some vulnerabilities that have no exploits available, and some vulnerabilities that i will not exploit simply because it can put the server stability in high risk.

The test can take place on any day and at any hour that you would like. Usually, the best time to take the test is when the application is not busy and no maintenance work is scheduled.
As a certified hacker, I will use the most up to date knowledge and hacking tools exactly like hackers use, so you will get the best picture possible of your security level.
Once the test is done, i will analyze the results and produce a detailed report of all the vulnerabilities found and how to mitigate them (vulnerabilities found and solution per vulnerability) .

3How will the vulnerability test affect my application and service?

As a basic understanding, you must realize that your application and server are going to be attacked by hacking tools, exactly the same as a real hacker would use. The only difference is that during the vulnerability and penetration test, i will not attempt to do any damage. Usually those tools will not cause any problem if they are being used by a professional, but there is also the unknown factor that relates to the web server and application condition in the time of the test. The worst damage that I have seen so far is from a web server that needed to reboot or services that were turned off, but the law and my own integrity requires me to inform you that anything can happen and you must be prepared for it.
From the other side, if your application and web server are in bad condition, it is better that you know about it when you are ready for it and not when a hacker runs the same tools and surprises you.

4Any preparations prior the test?

Usually i recommend having an up to date backup of the application files, database and web server which should be available by default, every day. Besides that, if you have a system administrator in charge, he should be notified about this test and be available during the test. The idea is not changing the existing working environment or the applications, it is to have the proper resources available in case that unwanted error occurs during the test.

5How accurate is the test?

Penetration test is the most accurate test available, especially when a professional is running it using hacking tools and manual techniques. The only way to determine if a vulnerability found during the test is real, is by testing it manually by trying to exploit it, which is what the penetration test essentially is.

6How often do i need to run the test?

It is recommended to run a new test every 3-4 months, and every time the web server and/or application undergoes a significant change. The intervals relate to the fact that new vulnerabilities are being found every day, and running the test helps figure out if your web server or application is exposed to them.

Web Application Security Assessment

lior — Thu, 31 Dec 2009 04:01:27 +0000

In the world of the Internet, the hacking business has attained an entirely new face coming up with new target zones and leading to mass destructions and heavy losses. The most significant and popular attack-zone (by hackers) currently targeted is the sector of web applications, which contain customer data and support online transactions.

With more and more websites coming up every day, most organizations can’t find time to keep the required constant vigil at the web application level. Thus, it is certainly very easy on the part of an experienced hacker to attack and compromise a system, simply through a commonplace web browser.

To help every website owner avoid hacker attacks and the possible damage occurring from them, a web application security assessment service is the answer. So, what can a web application security assessment service do? A particular web application is exposed to hacker attackers, only when it contains certain loopholes that a hacker can break in through. A web application security assessment service is specially designed to identify these flaws and loopholes and provide the ability to remediate them.. The entire cycle of the security assessment service incorporates functional application security testing, platform security testing, application architecture review, source code scrutiny, process and procedure evaluation and functional security assessments.

All the above-mentioned assessments are done from internal as well as external viewpoints. At the end of the security analysis of the web application, the result of the assessment is utilized to detect the flaws as well as the root cause attached to the flaws. The analysis, however simply does not highlight the faults in the application, it also offers effective recommendations required to secure the applications. Thus, with the enforcing of the application security assessment service it becomes rather easy to mitigate any risk leading to security threat.

Web Application Security Assessment Service

The web application security assessment service covers several technology layers providing suitable solutions, when firewalls, anti-virus or any other network scanners fail to defend against any web application attack. In general, the most critical information of your business might exist in those web applications. Web based applications, thus, provide high returns for every online business. However, a minute flaw in your web application is good enough to invite an experienced hacker to break into your system. Pursuing this, a loss resulting from a hacker attack can be enormous. Possibly, it can damage the image of your organization, pose a threat to your profits owing to fallacious transactions and system malfunctions, and can also result in loss of consumer confidence.

To help businesses avoid any of the above mishaps, hacking protection experts at Hacker4lease are here with the right solution – it is providing sophisticated web application security assessment service. The service primarily deals in analyzing your application and identifies the existing loop holes that can bring grave consequences. The entire analyzing phase includes assessing the software security controls and recognizing the design and architecture flaws and source code analysis. Moreover, after the final assessment of the application and the detection of the present faults in the system, recommended solutions to prevent hacker attacks are provided. Hacher4lease’s web application security assessment offerings particularly aim to present the necessary solution before any critical data is corrupted, lost or stolen.

At Hacker4lease, the specific service is customized according to the requirements of the client. Regardless of the size of the business, the experts work in close association with the application security controls teams and supply the necessary recommendations. Once an organization has addressed the possible exploits in the application with the given recommendations, Hacker4lease will retest the findings to ensure that the solutions provided are effective enough in eliminating the risk of hacking.