SEQ – your information security advisor

Our top priority is application of all the existing attack vectors on IT-systems in order to expose IT-infrastructure vulnerabilities and deliver detailed recommendations on mitigation and remediation

Testing methods

Black Box

  1. The lack of any internal information on the attacked systems
  2. The attack conditions of an external attacker are reproduced

Grey Box

  1. Partial awareness of the attacked systems
  2. The conditions of information leak or access by a malicious actor to the internal network are reproduced

White Box

  1. Full awareness of the attacked systems
  2. A wider timespan for system in-depth analysis

Assessment services

Penetration testing and security analysis

Before developing strategies and techniques to counter information security threats, companies need to test their infrastructure for current sustainability to attacks:

  • Detecting vulnerable components and existing computer security issues;
  • Identifying possible ways of compromising the information system;
  • Verifying the possibility of implementing the identified attack vectors.

The selected SEQ approach of penetration testing is based on the recommendations of international standards and best practices:

  • Open Web Application Security Project (OWASP);
  • Open-Source Security Testing Methodology Manual (OSSTMM);
  • Web Application Security Consortium (WASC);
  • ISO 27000 series standards;
  • Center for Internet Security (CIS) standards;
  • Common Vulnerability Scoring System (CVSS);
  • NIST Special Publications 800-115 Technical Guide to Information Security Testing and Assessment.

Source code analysis

Software code analysis allows identification of vulnerabilities that are product of technical errors as well as malicious intent. Efficient detection of current problems will help to avoid distortions in the analysis of the source code and distinctly identify the source of threats.

Identification of architecture security issues

  • SEQ assessment process audit is based on risk modeling.
  • The investigation of the existing information architecture of the company helps to identify possible threats and assesses the risks to the infrastructure; during this process SEQ widely uses and implements international best practices and developments. As a consequence, the customer receives a detailed report with analysis and prioritization of risks, as well as recommendations for reducing the impact of these risks.

Social engineering

The human factor has a leading role in affecting all processes in the organization, including the protection of company assets and infrastructure. The use of social engineering techniques in assessment by SEQ will help to increase assurance that the human factor will not widely affect the risks to information security. These techniques can take form of trainings, security courses for employees and other complex projects (for example, Red Team), allowing you to develop an objective assessment of vulnerability on the part of staff.

SAP Infrastructure Security

SAP ® systems are one of the most important assets of the company. SEQ helps to detect serious vulnerabilities before attackers do so by evaluating:

  • The overall security level of SAP systems;
  • Reliability of application implementation;
  • The level of security in the management processes of users, rights, interfaces, emergency concepts and business applications;
  • Security patch management;
  • SAP security measures and prevention of malicious actions awareness.

Red Team Assessment

Red Teaming is the use of TTPs (Tools, Tactics and Procedures) to simulate a real threat in order to train and measure the effectiveness of people, processes and technologies used to protect the company's information environment. A typical scope of Red Team assessment involves the entire customer infrastructure. Red Teaming conducted by SEQ will help the customer to acquire a clear vision of the actual security level of information systems, as well as their current capabilities in countering threats and attacks.

Implementation of secure software development procedures – Secure SDL

SDL (Security Development Lifecycle) is a development technique that allows one to ensure the required level of security of the system that is being developed. The SDL approach is based on the practices of training the development team, conducting a security analysis of the developed system and implementing security improvement mechanisms. The primary methods used in SEQ include: MS SDL, OWASP Secure SDLC Cheat Sheet

Why choose us

Long-lasting experience

  • SEQ experts are highly competent specialists with extensive training and international certificates that confirm their level of professional skills.
  • 200+ projects / year
  • 10+ years of consulting
  • numerous publications

In-depth expert knowledge

  • We use a combination of approaches to ensure top performance: best industry practices, data from the vulnerability lab and valuable expertise from our team of professionals.
  • Full range of infosecurity services

Leading quality

The most advanced techniques are utilized to expose both known and 0-day vulnerabilities. The quality and safety of business processes are certified in compliance to ISO 9001 and ISO 27001 standards.