HomeCase Studies
Cybersecurity / Security Application Development

Competencies​

Security Services​

25 years in Security implementation and management:

  • Certified ISO 27001, CEH, CISA, CISM
  • Email Security
  • Antivirus, Data Security​
  • Physical Security
  • Network Security​
  • System Backup & Restore​
  • IM Application Security​
  • Network Infrastructure Monitoring​
  • Business Continuity Plan in real practices with SARS and Covid19​

Security Testing​

5+ years of experiences for large software companies​

  • 50 skillful, 20 certified engineers
  • Certified CEH, CompTIA PenTest+, OSCP​
  • Test is executed for TMA systems and client systems
  • Standard test process defined​
  • Test category: web, applications, network, software, OS, Database
  • Test method: Blackbox, Greybox, Whitebox​

Techniques & Tools​

Standards​

  • CVSS Score v3​
  • NIST and CIS Compliance​
  • OWAPS Top 10​
  • Request For Comment (RFC)

Security Platform Type​

  • Web Application​
  • System Security
  • Network Security​
  • Cloud Security​
  • Physical Security

Security Test Types​

  • Vulnerability Scanning​
  • Compliance Scanning​
  • Web Application Scanning​
  • Fuzzing Testing 

Test Tools​

  • Nessus​
  • Codenomicon Defensics​
  • Qualys ​
  • Burp Suite Pro Scanner​
  • Compliance scanners (Openscap)

Security Testing Process​

Vulnerability Scan (Nessus)​

  • Nessus is a vulnerability scanner which is designed to scan networks and identify vulnerabilities, misconfigurations, and other security issues.​
  • It supports various types of platform and scans, including host discovery, port scanning, network scanning and host-based scanning.​
  • It generated details reports based on severity of vulnerabilities and theirs remediation  

Compliance Scan​

  • A compliance scan is a type of security scan that assesses an organization's compliance with industry or regulatory standards​
  • Follow two of most popular organization: National Institute for Standards and Technology (NIST) and Center for Internet Security (CIS)
  • Supporting many platforms and systems such as OS, Network Devices, Databases, Web Application…​

Fuzzing Testing​

  • Codenomicon Defensics is an automated protocol robustness tool that sends unexpected or malformed data (a.k.a. “Fuzzing”) to test the protocol stack’s behavior.​
  • It organizes and tests many protocols (SIP, IPv4, IPv6, H.248…) by message type. For example: the SIP test suites consist of over 20 message types (Invite Bye, Invite Refer, Invite Cancel….)

Web Application Scan​

  • Qualys' web application scanning can identify vulnerabilities in web applications, including those that may be used to steal sensitive data, take control of the application, compliance issues related to web application security. Qualys also support vulnerability scanning
  • Burp Suite Pro scanner can scan web applications for a range of vulnerabilities, including SQL injection, cross-site scripting (XSS), remote code execution, and file inclusion vulnerabilities. It can also identify issues related to authentication, access controls, and session management.

Report Content

Overview Information of Scanning

Summary of the Findings

Details of Analysis of Findings

Risk Ratings

Remediation Details

Detail of Report

Case Study

Case Study

Vulnerability Scan​

Compliance Scan​

​Codenomicon Defensics​

​​Web Application Scan​

  • System under test: Carrier VoIP Provisioning Portal Server which is a Web UI provides secure subscriber provisioning, device provisioning, system resource management, etc…​
  • Test method: Credential on
  • Test category: Web Application​
  • Tools used: Nessus

Test Procedure:​

  • Execute vulnerability scanning against the target
  • Generate scan reports ​
  • Check for real issue​

Summary of issues found:​

  • RPM package updates​
  • TLS vulnerable version​
  • Apache Log4j​
  • System under test: Media Server which is a Linux system provides media processing functions, system resource management, etc…
  • Test method: Credential on
  • Test category: System Compliance​
  • Tools used: Nessus

Test Procedure:​

  • Execute OS Compliance scan against target
  • Generate scan reports ​
  • Check for real issues of failed compliance items​

Summary of issues found:​

  • Compliance Failure Items of system​
  • System under test: Carrier VoIP Server which provides secure SIP calls​
  • Test method: Credential on
  • Test category: Call Server
  • Tools used: Codenomicon Defensics​

Test Procedure:​

  • Setup SIP UAS message with Invite-Bye call​
  • Run the suite with randomized anomalies​
  • Check the behavior of target to the anomaly messages

Summary of issues found:​

  • Target switch activity to standby unit since it can’t handle anomaly in Record-Route header​
  • Target response improperly to the valid anomaly in Call-ID according to SIP RFC​
  • System under test: Call-Signaling Processing Server which is a Web UI provides signaling processing of call, secure subscriber provisioning, call routing, etc…​
  • Test method: Credential on
  • Test category: Web Application​
  • Tools used: Qualys​

Test Procedure:​

  • Execute Web Application scan against target
  • Generate scan reports ​
  • Check for real issues​

Summary of issues found:​

  • Command Injection
  • Cross-site Request Forgery​
  • Cookie Missing Security Attributes
decor

Contact Us

Share with us your challenges. We are here to support.

Name *
Email *
Company *
Country *
ex. United Stated
AndorraAndorra
United Arab EmiratesUnited Arab Emirates
AfghanistanAfghanistan
Antigua and BarbudaAntigua and Barbuda
AnguillaAnguilla
AlbaniaAlbania
ArmeniaArmenia
AngolaAngola
ArgentinaArgentina
American SamoaAmerican Samoa
AustriaAustria
AustraliaAustralia
ArubaAruba
Åland IslandsÅland Islands
AzerbaijanAzerbaijan
Bosnia and HerzegovinaBosnia and Herzegovina
BarbadosBarbados
BangladeshBangladesh
BelgiumBelgium
Burkina FasoBurkina Faso
BulgariaBulgaria
BahrainBahrain
BurundiBurundi
BeninBenin
BermudaBermuda
Brunei DarussalamBrunei Darussalam
BoliviaBolivia
BrazilBrazil
BahamasBahamas
BhutanBhutan
BotswanaBotswana
BelarusBelarus
BelizeBelize
CanadaCanada
Cocos (Keeling) IslandsCocos (Keeling) Islands
Congo, Democratic Republic of theCongo, Democratic Republic of the
Central African RepublicCentral African Republic
CongoCongo
SwitzerlandSwitzerland
Cote d'IvoireCote d'Ivoire
Cook IslandsCook Islands
ChileChile
CameroonCameroon
ChinaChina
ColombiaColombia
Costa RicaCosta Rica
CubaCuba
Cape VerdeCape Verde
CuraçaoCuraçao
Christmas IslandChristmas Island
CyprusCyprus
Czech RepublicCzech Republic
GermanyGermany
DjiboutiDjibouti
DenmarkDenmark
DominicaDominica
Dominican RepublicDominican Republic
AlgeriaAlgeria
EcuadorEcuador
EstoniaEstonia
EgyptEgypt
Western SaharaWestern Sahara
EritreaEritrea
SpainSpain
EthiopiaEthiopia
FinlandFinland
FijiFiji
Falkland IslandsFalkland Islands
Federated States of MicronesiaFederated States of Micronesia
Faroe IslandsFaroe Islands
FranceFrance
GabonGabon
United KingdomUnited Kingdom
GrenadaGrenada
GeorgiaGeorgia
GuernseyGuernsey
GhanaGhana
GibraltarGibraltar
GreenlandGreenland
GambiaGambia
GuineaGuinea
Equatorial GuineaEquatorial Guinea
GreeceGreece
GuatemalaGuatemala
GuamGuam
Guinea-BissauGuinea-Bissau
GuyanaGuyana
Hong KongHong Kong
HondurasHonduras
CroatiaCroatia
HaitiHaiti
HungaryHungary
IndonesiaIndonesia
IrelandIreland
IsraelIsrael
Isle of ManIsle of Man
IndiaIndia
IraqIraq
IranIran
IcelandIceland
ItalyItaly
JerseyJersey
JamaicaJamaica
JordanJordan
JapanJapan
KenyaKenya
KyrgyzstanKyrgyzstan
CambodiaCambodia
KiribatiKiribati
ComorosComoros
Saint Kitts and NevisSaint Kitts and Nevis
North KoreaNorth Korea
South KoreaSouth Korea
KuwaitKuwait
Cayman IslandsCayman Islands
KazakhstanKazakhstan
LaosLaos
LebanonLebanon
Saint LuciaSaint Lucia
LiechtensteinLiechtenstein
Sri LankaSri Lanka
LiberiaLiberia
LesothoLesotho
LithuaniaLithuania
LuxembourgLuxembourg
LatviaLatvia
LibyaLibya
MoroccoMorocco
MonacoMonaco
MoldovaMoldova
MontenegroMontenegro
Saint Martin (French Part)Saint Martin (French Part)
MadagascarMadagascar
Marshall IslandsMarshall Islands
North MacedoniaNorth Macedonia
MaliMali
BurmaBurma
MongoliaMongolia
MacaoMacao
Northern Mariana IslandsNorthern Mariana Islands
MartiniqueMartinique
MauritaniaMauritania
MontserratMontserrat
MaltaMalta
MauritiusMauritius
MaldivesMaldives
MalawiMalawi
MexicoMexico
MalaysiaMalaysia
MozambiqueMozambique
NamibiaNamibia
New CaledoniaNew Caledonia
NigerNiger
Norfolk IslandNorfolk Island
NigeriaNigeria
NicaraguaNicaragua
NetherlandsNetherlands
NepalNepal
NauruNauru
NiueNiue
New ZealandNew Zealand
OmanOman
PanamaPanama
PeruPeru
French PolynesiaFrench Polynesia
Papua New GuineaPapua New Guinea
PhilippinesPhilippines
PakistanPakistan
PolandPoland
Puerto RicoPuerto Rico
PalestinePalestine
PortugalPortugal
PalauPalau
ParaguayParaguay
QatarQatar
ReunionReunion
RomaniaRomania
SerbiaSerbia
RussiaRussia
RwandaRwanda
Saudi ArabiaSaudi Arabia
Solomon IslandsSolomon Islands
SeychellesSeychelles
SudanSudan
SwedenSweden
SingaporeSingapore
SloveniaSlovenia
SlovakiaSlovakia
Sierra LeoneSierra Leone
San MarinoSan Marino
SenegalSenegal
SomaliaSomalia
SurinameSuriname
South SudanSouth Sudan
Sao Tome and PrincipeSao Tome and Principe
El SalvadorEl Salvador
SyriaSyria
SwazilandSwaziland
Turks and Caicos IslandsTurks and Caicos Islands
ChadChad
TogoTogo
ThailandThailand
TajikistanTajikistan
TokelauTokelau
Timor-LesteTimor-Leste
TurkmenistanTurkmenistan
TunisiaTunisia
TongaTonga
TurkeyTurkey
Trinidad and TobagoTrinidad and Tobago
TuvaluTuvalu
TaiwanTaiwan
TanzaniaTanzania
UkraineUkraine
UgandaUganda
United StatesUnited States
UruguayUruguay
UzbekistanUzbekistan
Holy See (Vatican City State)Holy See (Vatican City State)
Saint Vincent and the GrenadinesSaint Vincent and the Grenadines
VenezuelaVenezuela
Virgin Islands, BritishVirgin Islands, British
Virgin Islands, U.S.Virgin Islands, U.S.
VietnamVietnam
VanuatuVanuatu
Wallis and FutunaWallis and Futuna
SamoaSamoa
YemenYemen
MayotteMayotte
South AfricaSouth Africa
ZambiaZambia
ZimbabweZimbabwe
Phone
(+1)
AndorraAndorra(+376)
United Arab EmiratesUnited Arab Emirates(+971)
AfghanistanAfghanistan(+93)
Antigua and BarbudaAntigua and Barbuda(+1 268)
AnguillaAnguilla(+1 264)
AlbaniaAlbania(+355)
ArmeniaArmenia(+374)
AngolaAngola(+244)
ArgentinaArgentina(+54)
American SamoaAmerican Samoa(+1 684)
AustriaAustria(+43)
AustraliaAustralia(+61)
ArubaAruba(+297)
Åland IslandsÅland Islands(+358)
AzerbaijanAzerbaijan(+994)
Bosnia and HerzegovinaBosnia and Herzegovina(+387)
BarbadosBarbados(+1 246)
BangladeshBangladesh(+880)
BelgiumBelgium(+32)
Burkina FasoBurkina Faso(+226)
BulgariaBulgaria(+359)
BahrainBahrain(+973)
BurundiBurundi(+257)
BeninBenin(+229)
BermudaBermuda(+1 441)
Brunei DarussalamBrunei Darussalam(+673)
BoliviaBolivia(+591)
BrazilBrazil(+55)
BahamasBahamas(+1 242)
BhutanBhutan(+975)
BotswanaBotswana(+267)
BelarusBelarus(+375)
BelizeBelize(+501)
CanadaCanada(+1)
Cocos (Keeling) IslandsCocos (Keeling) Islands(+61)
Congo, Democratic Republic of theCongo, Democratic Republic of the(+243)
Central African RepublicCentral African Republic(+236)
CongoCongo(+242)
SwitzerlandSwitzerland(+41)
Cote d'IvoireCote d'Ivoire(+225)
Cook IslandsCook Islands(+682)
ChileChile(+56)
CameroonCameroon(+237)
ChinaChina(+86)
ColombiaColombia(+57)
Costa RicaCosta Rica(+506)
CubaCuba(+53)
Cape VerdeCape Verde(+238)
CuraçaoCuraçao(+599)
Christmas IslandChristmas Island(+61)
CyprusCyprus(+357)
Czech RepublicCzech Republic(+420)
GermanyGermany(+49)
DjiboutiDjibouti(+253)
DenmarkDenmark(+45)
DominicaDominica(+1 767)
Dominican RepublicDominican Republic(+1 809)
AlgeriaAlgeria(+213)
EcuadorEcuador(+593)
EstoniaEstonia(+372)
EgyptEgypt(+20)
Western SaharaWestern Sahara(+212)
EritreaEritrea(+291)
SpainSpain(+34)
EthiopiaEthiopia(+251)
FinlandFinland(+358)
FijiFiji(+679)
Falkland IslandsFalkland Islands(+500)
Federated States of MicronesiaFederated States of Micronesia(+691)
Faroe IslandsFaroe Islands(+298)
FranceFrance(+33)
GabonGabon(+241)
United KingdomUnited Kingdom(+44)
GrenadaGrenada(+1 473)
GeorgiaGeorgia(+995)
GuernseyGuernsey(+44)
GhanaGhana(+233)
GibraltarGibraltar(+350)
GreenlandGreenland(+299)
GambiaGambia(+220)
GuineaGuinea(+224)
Equatorial GuineaEquatorial Guinea(+240)
GreeceGreece(+30)
GuatemalaGuatemala(+502)
GuamGuam(+1 671)
Guinea-BissauGuinea-Bissau(+245)
GuyanaGuyana(+592)
Hong KongHong Kong(+852)
HondurasHonduras(+504)
CroatiaCroatia(+385)
HaitiHaiti(+509)
HungaryHungary(+36)
IndonesiaIndonesia(+62)
IrelandIreland(+353)
IsraelIsrael(+972)
Isle of ManIsle of Man(+44)
IndiaIndia(+91)
IraqIraq(+964)
IranIran(+98)
IcelandIceland(+354)
ItalyItaly(+39)
JerseyJersey(+44)
JamaicaJamaica(+1 876)
JordanJordan(+962)
JapanJapan(+81)
KenyaKenya(+254)
KyrgyzstanKyrgyzstan(+996)
CambodiaCambodia(+855)
KiribatiKiribati(+686)
ComorosComoros(+269)
Saint Kitts and NevisSaint Kitts and Nevis(+1 869)
North KoreaNorth Korea(+850)
South KoreaSouth Korea(+82)
KuwaitKuwait(+965)
Cayman IslandsCayman Islands(+1 345)
KazakhstanKazakhstan(+7)
LaosLaos(+856)
LebanonLebanon(+961)
Saint LuciaSaint Lucia(+1 758)
LiechtensteinLiechtenstein(+423)
Sri LankaSri Lanka(+94)
LiberiaLiberia(+231)
LesothoLesotho(+266)
LithuaniaLithuania(+370)
LuxembourgLuxembourg(+352)
LatviaLatvia(+371)
LibyaLibya(+218)
MoroccoMorocco(+212)
MonacoMonaco(+377)
MoldovaMoldova(+373)
MontenegroMontenegro(+382)
Saint Martin (French Part)Saint Martin (French Part)(+590)
MadagascarMadagascar(+261)
Marshall IslandsMarshall Islands(+692)
North MacedoniaNorth Macedonia(+389)
MaliMali(+223)
BurmaBurma(+95)
MongoliaMongolia(+976)
MacaoMacao(+853)
Northern Mariana IslandsNorthern Mariana Islands(+1 670)
MartiniqueMartinique(+596)
MauritaniaMauritania(+222)
MontserratMontserrat(+1 664)
MaltaMalta(+356)
MauritiusMauritius(+230)
MaldivesMaldives(+960)
MalawiMalawi(+265)
MexicoMexico(+52)
MalaysiaMalaysia(+60)
MozambiqueMozambique(+258)
NamibiaNamibia(+264)
New CaledoniaNew Caledonia(+687)
NigerNiger(+227)
Norfolk IslandNorfolk Island(+672)
NigeriaNigeria(+234)
NicaraguaNicaragua(+505)
NetherlandsNetherlands(+31)
NepalNepal(+977)
NauruNauru(+674)
NiueNiue(+683)
New ZealandNew Zealand(+64)
OmanOman(+968)
PanamaPanama(+507)
PeruPeru(+51)
French PolynesiaFrench Polynesia(+689)
Papua New GuineaPapua New Guinea(+675)
PhilippinesPhilippines(+63)
PakistanPakistan(+92)
PolandPoland(+48)
Puerto RicoPuerto Rico(+1 787)
PalestinePalestine(+970)
PortugalPortugal(+351)
PalauPalau(+680)
ParaguayParaguay(+595)
QatarQatar(+974)
ReunionReunion(+262)
RomaniaRomania(+40)
SerbiaSerbia(+381)
RussiaRussia(+7)
RwandaRwanda(+250)
Saudi ArabiaSaudi Arabia(+966)
Solomon IslandsSolomon Islands(+677)
SeychellesSeychelles(+248)
SudanSudan(+249)
SwedenSweden(+46)
SingaporeSingapore(+65)
SloveniaSlovenia(+386)
SlovakiaSlovakia(+421)
Sierra LeoneSierra Leone(+232)
San MarinoSan Marino(+378)
SenegalSenegal(+221)
SomaliaSomalia(+252)
SurinameSuriname(+597)
South SudanSouth Sudan(+211)
Sao Tome and PrincipeSao Tome and Principe(+239)
El SalvadorEl Salvador(+503)
SyriaSyria(+963)
SwazilandSwaziland(+268)
Turks and Caicos IslandsTurks and Caicos Islands(+1 649)
ChadChad(+235)
TogoTogo(+228)
ThailandThailand(+66)
TajikistanTajikistan(+992)
TokelauTokelau(+690)
Timor-LesteTimor-Leste(+670)
TurkmenistanTurkmenistan(+993)
TunisiaTunisia(+216)
TongaTonga(+676)
TurkeyTurkey(+90)
Trinidad and TobagoTrinidad and Tobago(+1 868)
TuvaluTuvalu(+688)
TaiwanTaiwan(+886)
TanzaniaTanzania(+255)
UkraineUkraine(+380)
UgandaUganda(+256)
United StatesUnited States(+1)
UruguayUruguay(+598)
UzbekistanUzbekistan(+998)
Holy See (Vatican City State)Holy See (Vatican City State)(+379)
Saint Vincent and the GrenadinesSaint Vincent and the Grenadines(+1 784)
VenezuelaVenezuela(+58)
Virgin Islands, BritishVirgin Islands, British(+1 284)
Virgin Islands, U.S.Virgin Islands, U.S.(+1 340)
VietnamVietnam(+84)
VanuatuVanuatu(+678)
Wallis and FutunaWallis and Futuna(+681)
SamoaSamoa(+685)
YemenYemen(+967)
MayotteMayotte(+262)
South AfricaSouth Africa(+27)
ZambiaZambia(+260)
ZimbabweZimbabwe(+263)
Enquiry *
Check out our Privacy Policy to learn more about how we handle your personal data.
* Required fields
decor banner Left

Related Case Studies

TMA Security Solution dashboard showing AI-powered threat detection, incident response, and automation tools in a unified platform

TMA Security Solution

Cybersecurity
Data Science & AI/ML
Security Application Development
Explore Morearrow_blue
Penetration Testing Service

Penetration Testing Service

Cybersecurity
Software Testing
Security Application Development
TMA has 10+ years of experiences providing services of Security testing and Penetration testing
Explore Morearrow_blue
Embedding Static Application Security Testing (SAST) into a JenkinsBitbucket Pipeline

Embedding Static Application Security Testing (SAST) into a JenkinsBitbucket Pipeline

Cybersecurity
Security Application Development
We integrated Static Application Security Testing (SAST) into a Jenkins–Bitbucket pipeline for a U.S. cybersecurity firm, automating vulnerability detection and improving secure coding practices from commit to release.
Explore Morearrow_blue