Information Security Services
Our clients benefit from a wealth of cutting-edge knowledge, in-house developed technologies and recognized professionals from a broad range of disciplines and backgrounds. We focus on delivering business results to clients via a unique range of services.
GNUCITIZEN's core information security services can be adapted to suit the client's precise requirements.
GNUCITIZEN provides a thorough security examination of web-based applications. The objective of the service is to ensure that the application is securely deployed, configured and written with all security considerations in mind. Our focus is to identify all web-based vulnerabilities exceeding those covered by the OWASP Top 10, including, but not limited to:
Additionally, GNUCITIZEN has technology-specific web security expertise in Flash, Flex, Java Applets, Java Servlets, Web Browsers and Browser Extensions.
GNUCITIZEN has an extensive background in web application security research. Members of our team have co-authored several industry-recognized books and have contributed many articles to our blog and other popular printed and online media outlets. We are best known for pioneering web2.0, browser and client-side information security practices and research.
GNUCITIZEN's desktop application security services aim to examine desktop components and applications by testing from internal and external perspectives. We look specifically into client-side vulnerabilities, session and authentication controls, system and network integration, privacy, endpoint security and others.
GNUCITIZEN has vast experience in dealing with client-side technologies. During the course of our research work, we have identified numerous browser vulnerabilities, issues within KIOSK software and Remote Desktop systems such as Microsoft RDP and CITRIX.
GNUCITIZEN provides a detailed security overview of network systems, the underlying computer network infrastructure, employed networking protocols and the policies adopted by the network administrator to protect the network and its resources from unauthorized access. All network components are examined from a variety of internal and external perspectives.
The GNUCITIZEN team has a strong background in network security. We have performed extensive research in the areas covered by network security practices and have identified several serious design and implementation problems with key technologies such as DHCP and mDNS protocols, multicast clouds, UPnP (Universal Plug and Play), SNMP (Simple Network Management Protocol) and others. We have also been involved with extensive research in the areas of Embedded Devices and Router security. Additionally, GNUCITIZEN has experience testing high-profile financial exchange systems such as those based on the Financial Information eXchange (FIX) protocol.
Our approach to wireless security includes the identification of neighboring, ad-hoc and rogue networks, and the assessment of all wireless access points, client laptops, firewalls, routers, VLANs, other network appliances, other embedded devices, Bluetooth components, etc.
GNUCITIZEN specializes in testing and auditing wireless and non-wireless organizations. We have in-depth knowledge of wireless technologies and have developed several offensive and defensive techniques during the course of our research work.
GNUCITIZEN is an information security organization constantly involved with cutting-edge information security research, which is reflected in the types of non-standard information security services we offer.
GNUCITIZEN provides cutting-edge web2.0 security testing and consulting services which aim to identify and prevent security issues within the client's Web2.0 integrations, such as AJAX, feeds, blogs, wikis, social networks, centralized identity management systems, micro formats, information aggregators, widgets, gadgets and mashups. The objective of the web2.0 security service is to determine what vulnerabilities, such as insecure design and implementation, weak identity control, information leakage, client/server insecurities and others, exist that may allow unauthorized access to the web2.0 infrastructure or leakage of private corporate data.
GNUCITIZEN has pioneered the web2.0 security consulting and penetration testing practices and research. We are de facto the first organization to recognize the insecure nature of web2.0 technologies and as a result we have produced numerous research papers, articles and presentations describing ways attackers may use in order to break into web2.0-enabled infrastructures.
Our Kiosk security services allow organizations to test both customized and off-the-shelf Kiosk software for any attacks that would allow malicious users to bypass the restrictions imposed by the system. GNUCITIZEN will test attacks such as:
GNUCITIZEN can also analyze the security of the network topology where the Kiosk has been located. Could a malicious user probe other sensitive systems located in the same network after the Kiosk security software has been compromised? These are the kinds of questions that our assessment will answer for you.
POS terminals should be security-tested just like any other computer system. After all, they have storage, memory and processors just like any other computer system. Unfortunately, when working towards protecting customers' credit card data, POS terminals are often overlooked. Instead, other elements such as web servers, web applications and database servers are usually considered as part of the security-testing plan.
However, it might be possible for fraudsters to install malicious software (malware) on POS terminals that allows them to obtain credit card data and send it to the attackers' servers. Since many POS terminals these days are IP-based, they can connect to any random IP address on the Internet, thus allowing attackers to send captured credit card data to any system of their choice.
Whether you are a POS terminal manufacturer, or a merchant planning to introduce a certain POS terminal model throughout your organization, we can help you find out whether your POS terminals can be compromised by malicious users.
GNUCITIZEN is a leading information security consultancy, involved with some of the most unique information security practices.
The GNUCITIZEN Tiger Team is a specialized group responsible for testing the effectiveness of an organization's ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization's internal and external security.
Each Tiger Team operation involves several experts specializing in different areas of the Information Security field. This type of service proves to be extremely valuable to clients who have clear business and security objectives and would like to assess their organization's security by putting it against a practical, targeted, cyber attack performed by experienced Information Security experts.
We specialize in defeating security countermeasures by using the latest offensive technologies, and demonstrating key steps dedicated attackers may take in order to break into your organization's most valuable assets.
Unlike our Tiger Team operations, GNUCITIZEN's penetration testing practices revolve around testing a specific component of your organization's digital assets. The GNUCITIZEN penetration test is tailor-made for the specific task.
We provide Onsite and Offsite penetration testing services which may include a Black Box, White Box or Crystal Box approach to the given task.
GNUCITIZEN is a very specialized group of individuals with a strong background in Information Security research, Cutting-edge Technologies and Innovative Thinking.
We provide a range of custom security consulting services which involve engaging our creative input in your business workflow.
We are constantly involved with organizing training events and seminars for some of the biggest organizations worldwide. Our work has been featured across industry-standard events such as Black Hat, Defcon, OWASP, Hack in the Box and many others.
GNUCITIZEN has authored several industry-recognized books and currently maintains one of the most popular Information Security blogs today.
The GNUCITIZEN organization releases quality research materials on a daily basis. We have produced numerous research papers and contributed to a number of best-selling books and popular media outlets.
GNUCITIZEN provides custom research services to companies and organizations in need.
For further information regarding our services, please get in touch with us.