Over the past few years hacker groups and state funded cyber-attacks have increased in activity dramatically. Hundreds of millions of personal records have been exposed since 2015. With over 40% of breaches inflicted upon businesses it is more important than ever to have your online security systems evaluated and audited.

At WorldWeb we’ve been running data centre operations for over 15 years. Our team of Internet services experts are highly skilled in all aspects of Cyber Security and are equipped to uncover all of the potential vulnerabilities in your online systems with simulated attacks, audits, and risk assessments.

Further, our specialists will identify and locate all of your vulnerable digital assets. This helps in implementing stronger security and allocating more comprehensive and prioritised measures.

Upon completion, WorldWeb will recommend strategies and architecture changes that will provide the best solution.

Vulnerability testing

Because of the myriad vulnerabilities that can exist in any system it is often difficult to not only protect or repair them but also to detect them. Vulnerabilities can be produced by poor system architecture, incorrect permissions, maintenance failure, and human error, just to name a few, so a security audit by a trained specialist is rapidly becoming essential.

Our specialists will analyse your online systems and compile a matrix of assets and capabilities and detail potential threats. The matrix assigns appropriate severity for vulnerabilities and ramifications which is used to formulate a strategy for controls to diminish or eliminate the most severe and consequential flaws.
For those that hold, or are looking to obtain, a PCI DSS Certification, quarterly vulnerability tests are a requirement. Retaining or accepting credit and debit card payments through your systems make your business a target for hacking attempts so don’t delay.

When pursuing a penetration test, a vulnerability test is a good first step. It will permit our specialists greater insight into your systems’ vulnerabilities that can then be tested for penetration.

Penetration testing

WorldWeb’s team of specialists can commit a simulated cyber-attack on your systems and networks in order to gauge the effectiveness of current security measures and then recommend remedial strategies. Penetration tests are as effective as real threats so regular testing is recommended every time you upgrade your security.

A penetration test begins with an analysis of current systems, networks, and hardware to detect improper implementation, flaws, and other operational weaknesses. Commissioning a vulnerability test prior to a penetration test ensures that the analysis is as inclusive as possible and provides additional targets to evaluate.

At the end of the test you will be provided a report detailing all of the security issues discovered, assessing the severity and impact of each issue, and a best practice proposal for removing or repairing these issues.

Web application security review – Your business’s web applications are public facing, whether requiring permissions to access or not, presenting a persistent opportunity for attacks. Our specialists can approach this security review with two strategies: as an onsite authenticated attacker or an offsite non-authenticated attacker (or a combination or both for maximum grasp). Manual and automated processes are used to test against nominated targets to search for vulnerabilities and flaws and assess the real potential for a genuine attack.

Denial of Service (DoS) assessment – While being mindful of your network’s integrity, WorldWeb specialists can test the resilience of your systems and applications against Denial of Service attacks. Our specialists will test your system by exploiting the application-layer using known DoS conditions, form submissions, and HTTP(S) conditions.

PCI Compliance Assessment

If your business is involved in online transactions using credit and/or debit cards then you must be committed to Payment Card Industry Data Security Standards (PCI DSS). Complying with these standards ensures that your business is protected against liability in the event that personal records are compromised. By not complying, your business can be accountable leading to immense fines and experience loss of professional reputation. There are different levels for PCI DSS compliance based on implementation; WorldWeb can help you assess which level of compliance is right for your business and, using our partnership with a certified Qualified Security Assessor (QSA), provide you with the appropriate certification.

Level 1 PCI DSS compliance requires an Annual Attestation which must be performed by a certified QSA. Our partner consultants come with years of experience and will audit your security systems for the appropriate requirements. The on-site audit also comes with documentation required to be submitted to your acquiring bank.

Level 2-4 PCI DSS requires an annual Self Assessment Questionnaire (SAQ) to maintain compliance. The SAQ assists businesses in self-evaluating their PCI DSS compliance and may be requested by an acquiring bank. As there are multiple versions of the SAQ based on compliance level, WorldWeb can assist you in determining which SAQ is best for your business as well as how to complete it.

Your PCI DSS compliance can also be assessed during vulnerability testing or penetration testing. Our specialists can reveal any vulnerabilities that may compromise your compliance.