Advensis - IT Security Consultancy

In today's world, technology keeps advancing and systems keep expanding, so they are constantly under threat from security vulnerabilities and cyber-attacks. Recognizing this, Advensis provides IT security consultancy services to private companies, public institutions, and organizations through dynamic consultants who continuously develop themselves and adapt to a changing range of security concerns.

Web Application Security Testing

Web applications rely on multiple technologies working together, including server-side and client-side technologies, and must be designed and implemented reliably. As web application security and security awareness become more important every day, many institutions are working toward this aim. OWASP (Open Web Application Security Project), one of the leading examples of these activities, has representative offices in many countries and publishes documents and methods on application security and web application security; it also aims to correct security problems by dealing with issues caused by unsafe and inappropriate software. Access to all the resources published by the community is open and free. In addition to introducing different vulnerabilities in web applications, OWASP has created a test area for those who want to gain experience in penetration testing.

The tests listed below are performed on the web applications included in the scope of the penetration tests.

  • Output controls
  • Access permissions and authorization controls
  • Insecure data storage
  • Error handling
  • Exception handling
  • Command injection
  • User authentication tests
  • Separation of duties between user and system administrator
  • Session management tests
  • SQL injection
  • URL-based data entry
  • Data entry controls
  • Data and memory leaks
  • XSS - Cross Site Scripting
  • Weak password structure

DDoS Test

Organizations that suffer damage from cyber-attacks report that these attacks result in costly business interruptions, loss of critical enterprise data, loss of personal information about employees or customers, and reputational damage. Such losses in turn become lost production, lost income, and damaged customer trust for the institution. Many types of distributed denial-of-service (DDoS) tests are performed to measure the stability of the networks and systems of medium and large-scale institutions, such as ACK Flood, TCP Connection SYN Flood, HTTP GET/POST Flood, UDP Flood, DNS Flood, ICMP Flood, SSL, and HTTPS. Using the most effective and useful DDoS testing methods, it is possible to determine how long the existing network and systems can keep serving, as well as to find errors made in the configuration stages of the devices.

Penetration Test

A penetration test consists of all attacks that result in gaining access to IT systems by trying all possible ways of intrusion. The aim of these tests is to gain access to systems as normal users by exploiting possible vulnerabilities. Some examples of penetration test types are as follows:

  • Internal Penetration Tests
  • External Penetration Tests
  • DNS research and analysis
  • Network and server software tests
  • Web, Email, Directory and FTP Servers on DMZ zones
  • DDoS Attack Tests