Penetration test is an analysis performed from a hacker’s point of view to determine the information asset’s actual level of security and SSR’s penetration is manually performed by a professional consultant.

Technical Consulting

Web Vulnerability Analysis

Vulnerability Analysis carried out based on the client’s web service checklist

ㆍMain Analysis Items

General Products/Finance-Clients
OWASP Top 10 Vulnerabilities General Items
SSR 47 Vulnerability Analysis Items National Intelligence Service’s 8 Major Vulnerability Items
Science and Technology Education Center guideline
Financial Supervisory Service guidelines

Web Penetration Test

Analyze the vulnerability and its effect on related system

ㆍMain Analysis Item

- Analyze the vulnerability’s effect on leaks/damages to IT assets of system and DB

- Manually performed by a professional consultant

Web App Source Code Vulnerability Analysis

Determine the vulnerabilities within web application source code and suggest proper countermeasures.

ㆍMain Analysis Item

- Check for proper input value verification

- Check for Secure Code application

- Check for important information leaks

Reverse Engineering Analysis

Discovering security threats that can occur by evasion and providing countermeasures to the related vulnerabilities by reverse engineering the program’s essential function.

ㆍMain Analysis Items

- In-depth analysis by experts using professional tools

- It takes longer and cost more than other analysis methods

Ex.) DRM (Digital Rights Management) Solution Analysis

- Detailed analysis on illegal approach/access/alteration/deletion to another user’s document

- Analyzes existence of vulnerabilities such as forced termination/deletion of programs

Source Code Vulnerability Analysis (C/S Application)

Determine vulnerabilities on the source and suggest countermeasures

ㆍMain Analysis Items

- Check for proper input value verification

- Check for Secure Code application

- Check for important information leaks

Smart Mobile App Vulnerability Analysis

Perform analysis by dividing the Smart Office environment of public institutions and conglomerates into Application and Client Mobile App transmission processes, and suggest proper countermeasures to the vulnerabilities.

ㆍMain Advantages

- Specialized 3 step analysis for Mobile service (Source, Middleware/Server, App)

(Source, Middleware/Server, App)

- Specialized analysis for diversified transmission environment

(3G, 4G, WiFi)

- Analyze the possibility of private/public data leakage through Mobile

(Android, iPhone)

OS Vulnerability Analysis

Analysis aimed at hardening the server OS setting

ㆍAnalysis Based Category Items/Checklist

- Account management, security patch, service management, system configuration, file management Supported OS

ㆍSupported OS

- AIX, HP-UX, Linux (32bit, 64bit), Solaris8 (sparc, 32bit, 64bit, x86), Windows (32bit, 64bit)

WEB/WAS Vulnerability Analysis

Analysis aimed at hardening WEB/WAS service server setting

ㆍAnalysis Based Category Items/Checklist

- Authorization management, system security setting, security patch

ㆍSupported OS

- IIS, Apache, webToB, Jeus, Tomcat, Weblogic, etc.

DBMS Server Vulnerability Analysis

Analysis aimed at hardening DBMS service server setting

ㆍAnalysis Based Category Items/Checklist

- Authorization management, system security setting, environment file analysis, audit event, security patch

ㆍSupported OS

- Oracle, MS-SQL, MySQL

Network Component Security Analysis

Analyze the company’s network condition and vulnerability to security threats, then determine & suggest countermeasures. 시

ㆍNetwork Analysis Target

- Physical/logical component, information security system location, information security system setting, information security system application, rule relevance, etc.

ㆍMain Service

- Relevance of information security system’s physical/logical component within the service net

- Relevance of information security system’s setting and security policy application

Network Tool Vulnerability Analysis

Analysis aimed at hardening network’s transmission tool setting

ㆍAnalysis Based Category Items/Checklist

- Account management, service management, configuration, log management, security patch

ㆍHardening Target

- L3, L4 Switch

Information Security System Analysis

Analysis aimed at hardening information security system which protects information assets

ㆍAnalysis Based Category Items/Checklist

- Physical/logical component, information security location, information security setting, information security application, rule relevance, etc.

ㆍMain Service

- Relevance of information security system’s physical/logical components within the service net

- Relevance of information security system’s configuration and security policy application

Log Analysis Service

Analyzing the possibility of private/corporate data leakage via log record

ㆍLog Types

- Event log, System log, WEB log, WAS log

ㆍMain Service

- Log analysis via SSR’s expert

- Analysis on possible private/corporate data leakage

Security Incident Analysis Service

Analyzing attack pattern/path/domain & suggesting countermeasures

ㆍMain Service

- Detailed analysis on intellectualized/highly-advanced attack pattern by expert consultants in case of security incident

- Determine the path/scale of damage and suggest countermeasures