Cyberone VAPT

Cyber security is a great concern for Bangladesh. In  2017, A study on cyber risks facing financial institutions conducted by the Bangladesh Institute of Bank Management (BIBM) shows that 28 percent of bankers are 'totally unaware', 22 percent are 'unaware,' and 20 percent has 'little idea' on cyber security. Websites of various government offices have suffered multiple cyber-attacks, including that of the National Parliament and BASIS. More than 200,000 computer networks in 150 countries were affected in a cyberattack in 2017 . ATM fraud and bank password hacking is occurring very often since-2017. The bank heist in February 2016 abled hackers to steal over $80 Million from the Federal Reserve’s Bangladesh. According to Kaspersky Lab, Bangladesh is one of the countries on the top hit list of impending cyber attacks. Those sort of  compromising issues are playing by intruder(s) (like; Ransomware, WannaCry , botnet and DDOS attack ) very often  and losing valuable data and corporates reputation, damaging assets. 

According to Kaspersky Lab, Bangladesh is one of the countries on the top hit list of impending cyber attacks. In  2017, A study on cyber risks facing financial institutions conducted by the Bangladesh Institute of Bank Management (BIBM) shows that 28 percent of bankers are 'totally unaware', 22 percent are 'unaware,' and 20 percent has 'little idea' on cyber security. Websites of various government offices have suffered multiple cyber-attacks, including that of the National Parliament and BASIS. More than 200,000 computer networks in 150 countries were affected in a cyberattack in 2017 . ATM fraud and bank password hacking is occurring very often since-2017. The bank heist in February 2016 abled hackers to steal over $80 Million from the Federal Reserve’s Bangladesh. Our innovative VAPT (Vulnerability Assessment and Penetration Testing) solution would be able to undertake responsibility of enterprise to network, data and application scanning to  find-out vulnerability and PT ( Penetration testing ) solutions can interact the to penetrate the intruder's activities to  create action plan report to remediate the threats . This intuitive solutions can advise to protect  vulnerability under the accurate measure and cyber security applications. 

ICT is the backbone of any digital initiative and it covers the vast area of information technology, communication technology and the telecommunication technology. The country is successfully leveraging this rising penetration and has earned $800 million in 2017 by exporting ICT products and services. On top of these, the total number of Internet Subscribers has reached 80.483 million at the end of December, 2017, can be seen as a consequential blessing of the recent progressive steps taken by the present government and the growing ICT sector.

Total 75,000+ Youth to be trained over next three years

o 10,000 Top-up Training
o 20,000 Foundation Skills Training Program
o 20,000 Online Outsourcing Training
• Under the Skills for Employment Investment Program (SEIP), total 1.25 million Youth to be trained by 2021
• Under the Support to Development of Kaliakair Hitech Park project, 4,981
youths have received ICT training

Our underpinning solution can help to protect and make safe-gard from vulnerability  and cyber threats , damages and losses.

Our Innovative VAPT solutions is also known as Vulnerability Testing, is a software testing type performed to evaluate the security risks in the software system in order to reduce the probability of a threat. A vulnerability is any mistakes or weakness in the system security procedures, design, implementation or any internal control that may result in the violation of the system's security policy. In other words, the possibility for intruders (hackers) to get unauthorized access.

Vulnerability Analysis depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing(VAPT).

1. Goals& Objectives: - Defines goals and objectives of Vulnerability Analysis

2. Scope: - While performing the Assessment and Test, Scope of the Assignment needs to be clearly defined.

How to do the Vulnerability testing?

Following is the step by step Vulnerability Assessment Methodology/ Technique:

Step 1) Setup:

• Begin Documentation
• Secure Permission
• Update Tools
• Configure Tools

Step 2) Test Execution:

• Run the Tools
• Run the captured data packet (A packet is the unit of data that is routed between an origin and the destination. When any file, for example, e-mail message, HTML file, Uniform Resource Locator(URL) request, etc. is sent from one place to another on the internet, the TCP layer of TCP/IP divides the file into a number of "chunks" for efficient routing, and each of these chunks will be uniquely numbered and will include the Internet address of the destination. These chunks are called packet. When they have all arrived, they will be reassembled into the original file by the TCP layer at the receiving end. , while running the assessment tools

Step 3) Vulnerability Analysis:

• Defining and classifying network or System resources.
• Assigning priority to the resource( Ex: - High, Medium, Low)
• Identifying potential threats to each resource.
• Developing a strategy to deal with the most prioritize problems first.
• Defining and implementing ways to minimize the consequences if an attack occurs.

Step 4) Reporting

Step 5) Remediation:

• The process of fixing the vulnerabilities.
• For every vulnerability

Advantages of Vulnerability Assessment :

• Dynamic tools to scanning the vulnerability 
• Identifies almost all vulnerabilities
• Automated for Scanning.
• Easy to run on a regular basis.

Our Innovative VAPT tools are  fully new ;  VAPT solutions are existing in market and the deep learning tools with VAPT is is fully new concepts to scanning the application and network of organization.  

Advantages of Vulnerability Assessment:

• Machine Learning  tools are available.
• Identifies almost all vulnerabilities
• Automated for Scanning.
• Easy to run on a regular basis.

Vulnerability Testing Methods:

Active Testing

• Inactive Testing, a tester introduces new test data and analyzes the results.
• During the testing process, the testers create a mental model of the process, and it will grow further during the interaction with the software under test.
• While doing the test, the tester will actively involve in the process of finding out the new test cases and new ideas. That's why it is called Active Testing.

Network Testing

• Network Testing is the process of measuring and recording the current state of network operation over a period of time.
• Testing is mainly done for predicting the network operating under load or to find out the problems created by new services.
• We need to Test the following Network Characteristics:-

• Utilization levels
• Number of Users
• Application Utilization

Distributed Testing

• Distributed Tests are applied for testing distributed applications, which means, the applications that are working with multiple clients simultaneously. Basically, testing a distributed application means testing its client and server parts separately, but by using a distributed testing method, we can test them all together.

VAPT being a proactive Security Auditing technique can efficiently help an Organization to defend its Information systems from various Cyber threats.  VAPT tools can be used to identify the Vulnerabilities in the current Security Arrangements and avoid possible Cyber-attacks. Our innovative VAPT Models which provide a Blueprint to ensure the accuracy and effectiveness of the Complete Auditing Process. Our VAPT enlists a set of best fit tools for every aspect of testing, which can be easily accessed and used by the Organizations to audit their security arrangements as a part of the Proactive Cyber Defence Strategy.

Device Scanning: Browser; Phishing; Framing;Click jacking;Man-in-the-Mobile;Buffer Overflow; Data Caching; Application; Sensitive data storage; No / Weak encryption; Improper SSL validation; Configuration; manipulation; Runtime injection; Privileges escalation; Device access; Phone / SMS; Baseband attacks;SMS phishing.

Operating System Scanning: Password management; Jail breaking / rooting; OS data caching; Data access; Carrier-loaded software; Zero-day exploit.

The Network: Communication Channels;  No / weak Wi-Fi encryption; 
Rogue access point; Packet sniffing;  Man-in-the-middle; Session hijacking
DNS poisoning; 

The Backend;  Web Server; - Platform vulnerabilities;- Server ;- misconfiguration; -Cross-site scripting;-Cross-site request

forgery; -Weak input validation; Database; -SQL injection; Privileges escalation; Data dumping; OS command execution.

Our Penetration Testing  tools helps to:
• Identify the weakest points in network, so can make fully informed
decisions about where best to focus, attention and budget in order to
mitigate future risk.
• Avoid financial, operational and reputational losses caused by cyberattacks by preventing these attacks from ever happening through proactively
detecting and fixing vulnerabilities.
• Comply with government, industry standards for example Payment Card Industry Data Security Standard (PCI DSS).

0

Our innovative VAPT tools would be able to protect cyber threats for bangladeshi as well contributing global  cyber security . It will help to protect  losses of business and technology of IT service provider.

 Security of the application can be improved by performing the VAPT (Vulnerability Assessment and Penetration Testing) of the application. VAPT helps to find out the hidden vulnerabilities inside the application.

Vulnerability Assessment is the process of systematically scanning an organization’s servers, workstations, devices, operating systems, and applications to detect and identify vulnerabilities. Identified vulnerabilities could include missing patches, gaps or loopholes in system design,
misconfigurations etc.  Our solution can provide support :

ICT Companies: 4,500+
Demand for software in the local market: US$ 1.18 Billion
• No. of IT/ITES Professionals: 3,00,000 (appr.)
• Market value of IT/ITES: US $400+ 
• Professionals: 3,00,000 (appr.)
• Market value of IT/ITES: US $400+ 

Access to finance is another problem. Sometimes it is also hard to get loans from banks. Small enterprises also lack proper financial reporting which further discourages bankers to provide loans. This becomes a challenging part for the entrepreneurs and they need to think of self-financing. 

Lack of capital at initial level is barrier for new entrepreneurs (Bangladesh Tariff Commission, 2015). The companies I have surveyed were mostly dependent on self-funding and they needed to look for investors. They really did not open up about this initial capital that they had used. 

Skilled manpower is an important factor for the growth of the company. Though our country has started to see the light of development for few years, we have already come along way. More skilled people can be created if our institutional learning has more link with industrial work.

Applying for venture capital from Tiger Foundation.

Continuous research and development is significant part in this software development business. 

Searching skilled manpower to build-up team.

N/A

05 members.

Cyber security solution architecture-1

Cyber security solution analyst-1

Cyber security solution developer-3

Our team member are very professional on cyber security solution development on VAPT: having the following skills:-

1. Security tools expertise: Capable to designing the cyber security tools using the technology and coding.

2. Security analysis:  Tools are important, but it’s also critical to understand how they fit into overall security strategy, says Stanger. 

3. Project management: IT project management skills are always in demand, but project managers who specialize in managing security projects are becoming especially valuable.

4.Incident response: Incident response is another vital area when it comes to securing IT systems. our professional services are included to respond on incident of any cyber issues.

5. Automation /Devops: Cybersecurity threats and tools are constantly evolving, making it difficult to keep up. our traditional team would have capability to monitoring and mitigating vulnerabilities, but that’s not a workable solution nowadays. We are leveraging devops and automation to be able to manage the threat landscape.

6. Data science and data analytics :  Our team is capable to enormous amounts of data companies collect can be used to track threat vectors, identify potential attacks and monitor the effectiveness of countermeasures.

7. Post -mortem deep forensic:  Our Security talent  team must also understand how to conduct a post mortem and/or forensic investigation after an incident. We have taken professional training on extensive deep forensics to help  to develop better incident response skills.

We have developed partnership with following cyber security specialist companies to learn and sharing ideas to develop solutions:-

1. Splunk Inc

2. Symantec Inc.

3. rapid7

4. Qualys

5. ScienceSoft

6. Acunetix

7. Sophos

8. Barracuda

9. RSA

10. Logrytham  

Banking  and Financial Services industry is the fastest growing non-government cyber security  market, as they are the first targets of persons with hostile intentions. 

TrustWave’s 2015 Global Security Report found that 98% of tested web applications, from online payment gateways to e-commerce sites, were vulnerable to attacks and PwC claims, in their Global State of Information Security Survey, that 75% of directors  in major firms and banks are not actively involved in reviewing security and privacy risks. 
most of clients are both private sector companies and govt agencies over Bangladesh. 

Our target clients: Banks and Financial institutions; Govt Agencies: Ministry of Finance; NBR, Bureau of statistics; Biman Bangladesh ; Bangladesh Police; RAB etc;

most of the solutions: 

Vulnerability Assessment ; Penetration Testing;Source Code Audit
Mobility Security; Forensics – IoA, IoC; Malware Analysis; Managed Security Services.

Financial sustainability  will be achieved under the following components:-

1. Access to working capital  under sustained donations and grants.

2. Selling products or services to capturing market to sustain the business and services.

3. Profitability; Market trend profitability will help to sustain  the business. 

4. Reporting and Planning : Continus market planning and R & D of solutions will help us to sustain the market.

We will try to make combination of the above to suating the business and services over Bangladesh.

Tiger Challenge may help us to remove barrier and accelerate the business model under the following points:-

1. Access to working capital.

2. To developing technology venture with other cyber security companies over the globe.

3. Business operation and management service strategy development for sustaining the business and services.

4. To undertake Mentoring  and training on cyber security services.

5. To helping to barnding the solutions to access new markets.

6. To guidance and support to capturing clients  over globally and market channel development.

N/A

Rapid7

Qualys

Splunk