Competencies​

Security Services​

25 years in Security implementation and management:

  • Certified ISO 27001, CEH, CISA, CISM
  • Email Security
  • Antivirus, Data Security​
  • Physical Security
  • Network Security​
  • System Backup & Restore​
  • IM Application Security​
  • Network Infrastructure Monitoring​
  • Business Continuity Plan in real practices with SARS and Covid19​

Security Testing​

5+ years of experience for large software companies

  • 50 skillful, 20 certified engineers
  • Certified CEH, CompTIA PenTest+, OSCP​
  • Tests are executed for TMA systems and client systems
  • Standard test process defined​
  • Test category: web, applications, network, software, OS, Database
  • Test method: Blackbox, Greybox, Whitebox​

Techniques & Tools​

Standards​

  • CVSS Score v3​
  • NIST and CIS Compliance​
  • OWASP Top 10
  • Request for Comments (RFC)

Security Platform Type​

  • Web Application​
  • System Security
  • Network Security​
  • Cloud Security​
  • Physical Security

Security Test Types​

  • Vulnerability Scanning​
  • Compliance Scanning​
  • Web Application Scanning​
  • Fuzzing Testing 

Test Tools​

  • Nessus​
  • Codenomicon Defensics​
  • Qualys ​
  • Burp Suite Pro Scanner​
  • Compliance scanners (OpenSCAP)

Security Testing Process​

Vulnerability Scan (Nessus)​

  • Nessus is a vulnerability scanner designed to scan networks and identify vulnerabilities, misconfigurations, and other security issues.
  • It supports various types of platforms and scans, including host discovery, port scanning, network scanning and host-based scanning.
  • It generates detailed reports based on the severity of vulnerabilities and their remediation.

Compliance Scan​

  • A compliance scan is a type of security scan that assesses an organization's compliance with industry or regulatory standards.
  • It follows two of the most popular organizations: the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS).
  • It supports many platforms and systems such as OS, network devices, databases, web applications…

Fuzzing Testing​

  • Codenomicon Defensics is an automated protocol robustness tool that sends unexpected or malformed data (a.k.a. “Fuzzing”) to test the protocol stack’s behavior.​
  • It organizes and tests many protocols (SIP, IPv4, IPv6, H.248…) by message type. For example, the SIP test suites consist of over 20 message types (Invite Bye, Invite Refer, Invite Cancel…).

Web Application Scan​

  • Qualys' web application scanning can identify vulnerabilities in web applications, including those that may be used to steal sensitive data or take control of the application, as well as compliance issues related to web application security. Qualys also supports vulnerability scanning.
  • Burp Suite Pro scanner can scan web applications for a range of vulnerabilities, including SQL injection, cross-site scripting (XSS), remote code execution, and file inclusion vulnerabilities. It can also identify issues related to authentication, access controls, and session management.

Report Content

Overview Information of Scanning

Summary of the Findings

Details of Analysis of Findings

Risk Ratings

Remediation Details

Detail of Report

Case Study

Vulnerability Scan

  • System under test: Carrier VoIP Provisioning Portal Server, a Web UI that provides secure subscriber provisioning, device provisioning, system resource management, etc.
  • Test method: Credential on
  • Test category: Web Application
  • Tools used: Nessus

Test Procedure:

  • Execute vulnerability scanning against the target
  • Generate scan reports
  • Check for real issues

Summary of issues found:

  • RPM package updates
  • Vulnerable TLS version
  • Apache Log4j

Compliance Scan

  • System under test: Media Server, a Linux system that provides media processing functions, system resource management, etc.
  • Test method: Credential on
  • Test category: System Compliance
  • Tools used: Nessus

Test Procedure:

  • Execute an OS compliance scan against the target
  • Generate scan reports
  • Check for real issues among the failed compliance items

Summary of issues found:

  • Compliance failure items of the system

Codenomicon Defensics

  • System under test: Carrier VoIP Server, which provides secure SIP calls
  • Test method: Credential on
  • Test category: Call Server
  • Tools used: Codenomicon Defensics

Test Procedure:

  • Set up the SIP UAS message with an Invite-Bye call
  • Run the suite with randomized anomalies
  • Check the behavior of the target in response to the anomaly messages

Summary of issues found:

  • The target switches activity to the standby unit because it cannot handle the anomaly in the Record-Route header
  • The target responds improperly to the valid anomaly in Call-ID according to the SIP RFC

Web Application Scan

  • System under test: Call-Signaling Processing Server, a Web UI that provides call signaling processing, secure subscriber provisioning, call routing, etc.
  • Test method: Credential on
  • Test category: Web Application
  • Tools used: Qualys

Test Procedure:

  • Execute a web application scan against the target
  • Generate scan reports
  • Check for real issues

Summary of issues found:

  • Command Injection
  • Cross-site Request Forgery
  • Cookie Missing Security Attributes