iViZ Security : On Demand Penetration Testing - Presentation Transcript
On Demand Security Testing Overview www.ivizsecurity.com An IDG Ventures Company
iViZ Industry’s First On Demand Penetration Testing Company
About iViZ
Industry’s First On Demand Penetration Testing Solution: Subscription based security testing solution for applications, networks & compliance provides on-demand, comprehensive and cost-effective coverage
IDG Ventures Funded: A top tier venture firm with over $4 Bil. investment whose portfolio includes Netscape and MySpace
Research Recognitions: Strong vulnerability research team credited with vulnerability discovery in products of Microsoft, Intel, McAfee, IBM, AVG etc.
Technology Recognitions: Global recognition from US Dept. of Homeland Security, Intel, World Economic Forum, Red Herring, London Business School etc.
Strong Customer Adoption: Large enterprises across various industry domains like Media, Web, E-Commerce, Banking, Telecom, Government, Technology and others
Security Challenges Businesses Face
Security Challenges Businesses Face Today Business Continuity Compliance Management Brand Protection
Prevent business disruption by protecting critical IT assets
Manage ever growing compliance requirements
PCI, ISO-27001, SOX, HIPAA
Ensure safety of your application and confidential customer data
Threat Landscape Is Increasing!
8000 new vulnerabilities will be discovered this year
Even Secure Organizations Are Not Safe!
Multi-Stage Attacks Are Harder To Detect Attacks Are Getting Complex Critical Server Non-Critical Server
The Solution
Proactive Regular Security Testing
Penetration Testing Ensures You Are Safe
Regular proactive Penetration Testing is needed to augment defensive security monitoring measures such as firewalls, IDS, IPS etc., especially in light of the rising level of targeted attacks
iViZ On Demand Penetration Testing Applications | Networks | Compliance Comprehensive | Cost-Effective | On Demand
iViZ Solution
On Demand Application Penetration Testing
On Demand Network Penetration Testing
On Demand Compliance Reporting
Covers compliance like PCI, SOX, ISO-27001, HIPAA & more
SOX/HIPAA compliant penetration testing
ISO-27001 compliant quarterly penetration testing
Multi-Stage Attack Simulation to detect attacks missed in traditional testing
Covers all 26 classes of WASC application vulnerabilities & OWASP Top 10
Business logic verification
Covers all CVE / NVDB / SANS Top 20 vulnerabilities as well as data leakage detection
Specialized Testing For Web 2.0 Technologies (AJAX, JavaScript, Flash, ActiveX etc.)
Automated Exploitation And False Positives Elimination
PCI-DSS Scanning including compliance templates & auto fill-in from test results
Expert analysis along with automated exploitation
Expert analysis along with automated scanning
Solution Highlight Unique Multi-Stage Attack Simulation Technology detects all attack paths missed in traditional approach
Solution Highlight
Industry’s First Subscription Based On-Demand Solution
Works over the Internet – Anytime – Anywhere
SCHEDULE TEST FROM ONLINE PORTAL
VIEW REPORTS ONLINE OR BY ENCRYPTED EMAIL
TEST CONDUCTED AUTOMATICALLY OVER THE INTERNET
Diagram: iViZ Remote Security Operation Center, Customer Network, On-Demand Portal, Internet, Secure iViZ Scan Cluster
Hybrid Testing : Automated Scanning With Expert Analysis Provides Superior Security Coverage Solution Highlight Superior Coverage
MAS coupled with expert analysis helps in the detection of attack paths otherwise missed out in traditional testing and also eliminates the false positives
Monthly / Quarterly Subscription helps in providing higher ROI and lower TCO (Total Cost of Ownership)
On Demand Comprehensive Cost-Effective
On-Demand Portal Screenshots
Top 2 in Asia / Top 6 in World Top 100 in Asia Top 8 in World Top 4 Emerging Company Innovative Company Finalist Top 10 Hottest Startups Top 2 in India Global Technology Recognitions 2007 2008 2006 2009 2008 2006
iViZ Research Recognitions
iViZ Vulnerability Research has discovered security vulnerabilities in the following products
Antivirus: F-Prot version 4.6.8, Sophos SAVScan 4.33.0, AVG for Linux version 7.5.51, Avast for Workstations v1.0.8, Bitdefender for GNU/Linux version 7.60825, ClamAV 0.93.3
Hard Disk Encryption: Microsoft Bitlocker/Vista (SP0), SafeBoot Device Encryption v4, Build 4750 and below
BIOS: Hewlett-Packard 68DTT Ver. F.0D, Intel Corp PE94510M.86A.0050.2007.0710.1559, Lenovo 7CETB5WW v2.05
iViZ Follows Responsible Disclosure Policy:
1) Private vendor disclosure
2) Vendor coordinated public disclosure
3) No public proof of concept
Media/Online Telecom / Mobile Financial Services Government Technology Others Customers Across Broad Industries
DETAILS
Application Testing iViZ SOC Remote Scan Cluster How It Works On-Demand Portal Internet Secure iViZ Scan Cluster Customer Network Database Application Server Custom Applications Web Server Methodology Application Spidering Authentication Testing Web Serv. / Bus. Logic Testing Ajax Testing Risk Assessment Reporting Session Mgmt Testing Data Validation Testing
Comprehensive coverage of vulnerabilities
Supports modern websites using JavaScript, Flash, AJAX, Java Applets, or ActiveX
Combination of Automated and Manual Testing
Business Logic Verification and Testing
Profiling of Remediation with severity
Flexible Reporting for effective remediation
PCI compliant Reporting
Application Testing - Features
Cross-Site Scripting
SQL Injections
HTTP Response Splitting
Parameter Tampering
Hidden Field Manipulation
Backdoors/Debug Options
Stealth Commanding
Session Fixation, automatic intelligent form filling
Forceful Browsing
Application Buffer Overflow
Cookie Poisoning
Third-Party Misconfiguration
HTTP Attacks; Suspicious Content
XML/SOAP Tests
Content Spoofing
LDAP Injection
XPath Injection
External Network Penetration Testing iViZ Remote Security Operation Center Customer Network Reconnaissance Vulnerability Assessment Exploitation Root Cause Analysis Risk Assessment Reporting Methodology How It Works On-Demand Portal Internet Secure iViZ Scan Cluster
On Demand Testing
Schedule daily, weekly, monthly scans
Advanced Artificial Intelligence based Testing
Exploitation and Accurate vulnerability validation
Complete Attack Simulation for finding all attack paths
Advanced Correlation of Vulnerabilities
Expert Validation
Online Vulnerability Management Portal
Prioritization and Remediation of Vulnerabilities
Reports Compliant to PCI, SOX, ISO 27001
External Network Penetration Testing - Features
Internal Network Penetration Testing Methodology Reconnaissance Vulnerability Assessment Exploitation Root Cause Analysis Risk Assessment Reporting Multi-Stage Attack Analysis Protocol / Link Analysis Customer Network iViZ Scanner On-Demand Portal Green Cloud Security Appliance Security Operation Center On-Demand Portal Secure iViZ Scan Cluster Internet How It Works
Advanced Artificial Intelligence based Testing
Exploitation and Accurate vulnerability validation
Complete Attack Simulation for finding all attack paths
Advanced Correlation of Vulnerabilities
Combination of Manual and Automated Testing
Network Protocol Vulnerability Testing
Find critical data exposure either at rest or in motion for data leakage prevention
Profiling of Remediation with severity
Flexible Reporting and Compliance Wizard for effective remediation
Internal Network Testing - Features
APPENDIX
Challenges in Traditional Penetration Testing
Not Comprehensive
Manually finding all possible attack paths is not feasible
Non-standardized and prone to human errors
Not Scalable & Irregular
Dependency on human experts
Continuous IT footprint changes & new vulnerability discoveries make it ineffective
Time Intensive & Expensive, Low ROI
Longer engagement process & turnaround time
Despite significant investments in penetration testing, infrequent test schedules make it useless with very little ROI
Emerging Threats: Multi-Stage Attacks
“.. exploit multiple security weaknesses that individually are not critical, but in the aggregate, they allow an attacker to compromise business critical data”
Critical Server Non-Critical Server Harmless Critical Vulnerabilities Harmful Non-Critical Vulnerabilities Changing Threat Definitions
iViZ Security Solves The Problem.. Intelligent Human Hacker Self Replicating Mutually Co-operative Community of Technology to Simulate/Emulate
Customer Network iViZ Scanner On-Demand Portal Green Cloud Security Appliance iViZ Security’s Security Operation Center On-Demand Portal Secure iViZ Scan Cluster Internet On-Demand Penetration Test: How It Works? Internal Testing SCHEDULE TEST FROM ONLINE PORTAL APPLIANCE DEPLOYED WITHIN NETWORK TEST CONDUCTED AUTOMATICALLY VIEW REPORTS ONLINE OR BY ENCRYPTED EMAIL
iViZ is an Information Security company funded by IDG Ventures which offers the industry's first on-demand (SaaS based), end-to-end, automated Penetration Testing (Ethical Hacking).
As a leading network security company, iViZ Security has developed the world's first tool to simulate human hacker intelligence to detect all possible paths of attack in a system / network and also suggest suitable remedies. This disruptive technology transforms the way security is tested and brings in "the hacker's eye view" - providing higher efficiency and ensuring better protection for organizations, governments and users from the rising internet threats.
Using this technology, iViZ provides On-Demand Penetration Testing for proactive security audit risk management and compliance for standards such as SOX, PCI, HIPAA or ISO 27001. The Software-as-a-Service model provides anytime, anywhere and anyhow security testing capability to customers & eliminates the pain associated with the conventional manual security testing which is time-intensive, expensive and not comprehensive.