MMEs company presentation. MME is specialized in Security Audits, Penetration Testing, Vulnerability Assessment and InfoSec Training.

1. © 2014 MME BVBA, all rights reserved.
| IT Audits & SecurityMME
Company Presentation

2. © 2014 MME BVBA, all rights reserved.
Company Presentation
 About us
 Security Audits
 Security Training
 Security Software
 References
 Contact us

3. © 2014 MME BVBA, all rights reserved.
Company Presentation
 About us
 Security Audits
 Security Training
 Security Software
 References
 Contact us

4. © 2014 MME BVBA, all rights reserved.
About us
 MME BVBA, founded in 2010
 Specialized in security audits and training
 Objective approach, vendor independent
 Our focus is to advise and to educate
 We are not selling any products!
| ITAudits&SecurityMME

5. © 2014 MME BVBA, all rights reserved.
About us
 Malik Mesellem - Founder and CEO
 Over 15 years of experience as an IT professional
 Worked as a Systems Engineer, Developer, IT Manager
 Passion for Ethical Hacking and Penetration Testing
 Obsessed with Windows and web application (in)security

6. © 2014 MME BVBA, all rights reserved.
About us
 Malik Mesellem - Certifications
 GIAC GPEN
 EC-Council CEH
 MCSE Security, MCSA Security, MCITP, MCT
 CompTIA Security+, Network+, A+
 Vasco VCE/VCT
 Citrix CCA

7. © 2014 MME BVBA, all rights reserved.
About us
 Malik Mesellem - Honors
 Guest Professor HOWEST
‘Computer & Cyber Crime Professional’ (bachelor)
 Guest Speaker at conferences
ECSA, Infosecurity, SANS 2014, B-Sides Orlando, TDIS,...
 OWASP ZAP Evangelist / SANS Mentor Belgium
Zed Attack Proxy / Network Pentesting & Ethical Hacking
 Security Trainer
Belgacom JCA, Global Knowledge, Syntra, Escala,...

8. © 2014 MME BVBA, all rights reserved.
About us
 Malik Mesellem - Projects
 Vulnerability Researcher
CVE: 2013-4890, MS RDP Pass-the-Hash
 bWAPP - ‘a buggy web application’
Open source deliberately insecure web application. Helps security enthusiasts
and students to discover and to prevent web vulnerabilities (10.000+ downloads)

9. © 2014 MME BVBA, all rights reserved.
About us
 Diversity of security services
 Security Audits
 Security Training
 Security Software
 Malware Analysis
 Design & Configuration
 Server Hardening
 Source Code Review

10. © 2014 MME BVBA, all rights reserved.
Company Presentation
 About us
 Security Audits
 Security Training
 Security Software
 References
 Contact us

11. © 2014 MME BVBA, all rights reserved.
Security Audits
 We offer a wide range of security audits
 Vulnerability Assessment
 Network Penetration Testing
 Web Application Penetration Testing
 Active Directory and Password Audits
 Malware Analysis and Botnet Detection
 Wireless Security Surveys
 Configuration Reviews
 DoS and Stress Testing

12. © 2014 MME BVBA, all rights reserved.
Security Audits
 Every audit starts with a risk analysis
 Critical assets are defined
 Threats regarding these assets are analyzed
 Audit checkpoints are based on those threats
 A risk level is calculated for each checkpoint

13. © 2014 MME BVBA, all rights reserved.
 The risk level is determined using the following
calculation:
Risk Level = Impact x Probability
Security Audits

14. © 2014 MME BVBA, all rights reserved.
Security Audits
 Penetration testing identifies and exploits vulnerabilities
that may exist within the infrastructure
 Ethical hacking techniques are used
‘Like a hacker, but from an ethical point of view’
 Advantages +++
 Confirms potential vulnerabilities by excluding false positives
 Protects the network against intruders and malicious software
 Guarantees that your defense measures are working effectively
 Provides a higher availability, and maps the environment

15. © 2014 MME BVBA, all rights reserved.
Security Audits
 Web application penetration testing is focusing on
evaluating the security of a web application
 The application is tested for known vulnerabilities
 Automatic, semi-automatic as well as manual tests
 Different commercial ‘state-of-art’ vulnerability scanners
 To exclude false positives, all results are manually verified!
 Official OWASP methodology
 Based on the OWASP Top 10 Project (more)

16. © 2014 MME BVBA, all rights reserved.
Security Audits
 Some checkpoints in our web app penetration testing
 Injections (HTML, SQL, XML, LDAP,...)
 CSRF or Cross-Site Request Forgery
 XSS or Cross-Site Scripting
 Parameter Modification
 Security Misconfiguration
 Session Management
 Broken Authentication
 Sensitive Data Exposure

17. © 2014 MME BVBA, all rights reserved.
 Our Heartbeat Scan is a complete security audit
 All critical and vital parts are scanned and analyzed
 Potential threats and vulnerabilities are identified
 Spread over several days, for a fixed price
 Comprehensive checkpoints
 A risk level is calculated for each check
Security Audits

18. © 2014 MME BVBA, all rights reserved.
Security Audits
 Checkpoints in our Heartbeat Scan
 Vulnerability Assessment
 Internal and External Penetration Test
 Active Directory Review and Password Audit
 Software Updates Compliance Check
 Business Continuity - Disaster Recovery Check
 Firewall Configuration Review
 Wireless Security Survey
 Endpoint and Malware Check

19. © 2014 MME BVBA, all rights reserved.
Security Audits
 Optional checkpoints in the Hearbeat Scan
 Web Application Penetration Test
 Malware Analysis and Botnet Detection
 Social Engineering Test
 Source Code Analysis

20. © 2014 MME BVBA, all rights reserved.
Security Audits

21. © 2014 MME BVBA, all rights reserved.
Security Audits

22. © 2014 MME BVBA, all rights reserved.
Security Audits

23. © 2014 MME BVBA, all rights reserved.
Security Audits

24. © 2014 MME BVBA, all rights reserved.
Security Audits
 The report is a very important aspect
 Also made with an objective approach
 Understandable, not auto-generated!
 Comprehensive, it includes
 Management and technical part
 List of potential investments
 Detailed findings and advice
 Customized action plan

25. © 2014 MME BVBA, all rights reserved.
Company Presentation
 About us
 Security Audits
 Security Training
 Security Software
 References
 Contact us

26. © 2014 MME BVBA, all rights reserved.
Security Training
 Unique security courses, seminars, and workshops
 Ethical Hacking Basics (pdf)
 Ethical Hacking Advanced (pdf)
 Attacking & Defending Web Apps with bWAPP (pdf)
 Plant the Flags with bWAPP (pdf)
 What is bWAPP? (pdf)
 Windows Server 2012 Security (pdf)
 IT Security BOOTCAMP

27. © 2014 MME BVBA, all rights reserved.
Security Training

28. © 2014 MME BVBA, all rights reserved.
Company Presentation
 About us
 Security Audits
 Security Training
 Security Software
 References
 Contact us

29. © 2014 MME BVBA, all rights reserved.
References
 We have realized successful projects with companies in
every sector of industry
 Colleges and training institutes
 Flemish and federal government
 Healthcare and retail sector
 ICT companies and telecom operators
 Investment and financial companies
 Non-profit organizations
 Stock listed companies

30. © 2014 MME BVBA, all rights reserved.
Company Presentation
 About us
 Security Audits
 Security Training
 Security Software
 References
 Contact us

31. © 2014 MME BVBA, all rights reserved.
Contact us
 MME BVBA - Malik Mesellem
Email | info@mmeit.be
LinkedIn | be.linkedin.com/in/malikmesellem
Twitter | twitter.com/MME_IT
Blog | itsecgames.blogspot.com

32. © 2014 MME BVBA, all rights reserved.
Contact us
 Follow MME on Twitter
 Receive info on the latest security news
 Take advantage of discounts on our courses
 Join our free online security challenges
 Stay updated on bWAPP
@MME_IT
#bWAPP #itsecgames