Your security and the safety of your business directly depend on how well your personal and business information is protected. We look at the problem from two points of view: protection and attack. Softgan is always aware of new methods and trends in theft and hacking. Our system for assessing the company’s information security needs will help avoid unnecessary costs and risks.

Our services

Search for vulnerabilities in the company’s security system

Information security audit
Countering technical attacks

Website Security Audit

Cross-site scripting (XSS) – embedding unauthorized scripts in a page and executing them in the browser;
SQL injection (execution of SQL queries from a browser to gain unauthorized access to data);
Website analysis according to the GHDB (Google Hacking Database) – a list of typical queries used by hackers to gain unauthorized access to web applications and sites.
Scanning AJAX and Web 2.0 for vulnerabilities.
Scanning ports and discovery of services.
Analysis and building of the site structure.
Code execution;
Directory traversal;
File inclusion;
Disclosure of the script source code;
CRLF injection;
Cross-frame scripting;
Detecting public backup copies of files and folders;
Detecting files and folders that contain important information;
Detecting low-security folders that make it possible to create, modify or delete files.
Resistance to DDoS attacks.

Investigation of Computer and Mobile Crimes/Incidents. Tracking down and searching for intruders

Targeted attacks
DDoS attacks
Unauthorized access
Financial crimes
Misappropriation of assets and intellectual property, counterfeiting of products, etc.
Corporate crimes
Espionage, corporate raiding, trade secret disclosure and other abuses
Thefts and frauds
Theft of funds, illegal use of the brand, etc.
Forensic analysis
Collection of digital evidence
Study of malware

Creating a Safe Workplace and Network Infrastructure

– assembly/configuration/installation of PC/laptop/workstation
– installation/configuration of software and anti-virus program
– PC data protection
– creation of regulatory information security documentation
– training/briefing of personnel/employees
– building a secure network of an enterprise/organization
– encryption of network/Internet connections
– creation of secure external/internal communication channels
– creation of a corporate mail system
– creation of a corporate messenger

Corporate security assessment

Security analysis of web resources (Internet banking and e-commerce systems, corporate and state-owned web portals)
Audit of software, including mobile applications (iOS, Android, Windows Phone)
Audit of remote banking systems and mobile banking applications (iOS, Android, Windows Phone)
Audit of systems for protecting a trade secret, personal data and confidential information of another type
Search for vulnerabilities of network infrastructures
Prevention of DoS/DDoS attacks, load testing
Detection of vulnerabilities in the software of an automatic process control system and SCADA systems
Study of protection of POS and mPOS terminals
Audit of whether the signal networks of telecommunications service providers are switched correctly

Compliance Audit of information security

Compliance Audit of information security
Audit of systems for protection of a trade secret, personal data and information of another type
Audit of pieces of critical information infrastructure and state-owned information systems
Assessment of compliance with international standards and best practices in information security
Assessment of compliance with information security requirements of the Bank of Russia
Assessment of compliance with SWIFT requirements

Countering Technical Attacks

Attack by searching for login and password combinations for the administrative control panel of the network router.
Attack by surveying and scanning ports of the enterprise's network infrastructure.
Attack by searching for login and password combinations for a remote server or remote desktop.
Attack by searching for login and password combinations for the administrative website control panel.
Attack by sending a fake court decision or a fake request from law enforcement agencies to an Internet or VPN service provider.
Attack by scanning the network range of the enterprise network using public search engines such as Shodan and Censys.