Varutra's Security Assessment services help organizations reduce exposure to risk, protect data assets and minimize the impact of security-related events on business activity. Our services are highly customizable to suit each client's needs, according to the cloud services and deployment model they have adopted for the business.

Vulnerability Assessment
In cloud computing, resources such as computing power, storage, network and software are abstracted and provided as remotely accessible services over the Internet. The categories of cloud computing are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). The cloud can also be deployed as Public, Private, Hybrid or Community.

Cloud computing has its own challenges when it comes to Information Security. It is of utmost importance to protect the critical data and systems in the cloud. Varutra offers Cloud Vulnerability Assessment and Cloud Penetration Testing services for the information systems and applications running in the cloud. We also offer a unique Cloud Security Audit, which is a comprehensive analysis and review of the security of the Information Systems from the perspective of how the internal controls and policies work. This analysis is essential to determine the security and effectiveness of the controls that are in place.

Varutra’s consultants create best practices and methodologies for ensuring the confidentiality, integrity and security of information and data hosted in the cloud, and use a blend of automated tools and manual techniques to identify security issues in categories such as:

  • Connection & Data Transmission
  • Authentication & Authorization
  • Intrusion Detection & Protection
  • Server Virtualization Patch Management
  • Segregation of Duties
  • Granted Access
  • Removal of Access Rights
  • Process for periodic Review of Access
  • Incident Management
  • Change Management
  • Mis-Configurations
  • Availability

Reverse Engineering
Wikibooks defines "Reverse Engineering" as the process of discovering the technological principles of a mechanical application through analysis of its structure, function and operation. This sometimes involves taking something apart and analyzing its workings in detail, usually with the intention of constructing a new device or program that does the same thing without actually copying anything from the original.

Varutra offers a reverse engineering service in which the target software or product is reverse engineered to extract its design and implementation details and to understand its internal interactions with different software components. The entire process is carried out to uncover security issues and vulnerabilities, to exploit its weaknesses and to strengthen its defenses.

Varutra offers a highly strategic and customized solution to test a product or software with various techniques and our expertise in reverse engineering.

In Black Box Testing of a product / software, Varutra follows a completely different approach from traditional vulnerability testing. Varutra consultants will fuzz the target software to find critical vulnerabilities that are usually not identified in traditional testing. In addition to finding known security issues, a zero-day security testing approach is followed to analyze unknown vulnerabilities in the software product.

In the Binary Audit activity of reverse engineering, the following key points are addressed:

  • Review and test anti-debugging protections
  • Review and test runtime control-flow obfuscation layers
  • Review and test licensing mechanisms
  • Look for and identify any malware, Trojan injection or malicious code
  • Binary audit is essentially carried out on software product binaries, executables, DLLs, libraries, etc.

Fuzzing: Fuzz Testing or Fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash or generate errors. Various techniques, including mutation-based fuzzing and generation-based fuzzing, are applied.

Varutra uses a custom approach tailored to each client that combines fuzzing and reverse engineering with black box testing.

Configuration Audit
Varutra’s technical configuration audit process is highly customized to suit the organization’s network infrastructure. The audit process broadly consists of auditing the perimeter devices; network devices such as firewalls, routers, switches, load balancers, IPS and IDS; and server systems such as Domain Controllers, File Servers, FTP Servers, Email Servers, Proxy Servers, Antivirus Servers and Databases that make up the network architecture.
For all in-scope hosts, Varutra consultants will analyze various components of the identified operating systems using automated tools and manual techniques to identify known vulnerabilities in categories such as:
  • Security Patch Levels
  • File Permissions / Registry Permissions (if applicable)
  • Mis-Configurations
  • File Systems
  • Users / groups present on the system
  • Services running
  • Network Configurations
  • Event Logging
  • Database Configurations
  • Version specific vulnerabilities

Network Architecture Review
Varutra's network architecture review is a process of thoroughly assessing the network components’ configurations together with their placement in the network and the network design. Our network security team will review the network from a defense-in-depth perspective so that it can withstand network attacks. The audit objective is to assist in increasing the security posture of the network.
The Network Architecture Review encompasses the following steps:
  • Understanding the organization's business and the network infrastructure
  • Review network design and deployed network security solutions
  • Device configuration audit
  • Review organization’s security policy
  • Analysis and Reporting

Penetration Testing
Wireless networks are an integral part of an organization's network infrastructure and are exposed to internal and external threats. Varutra’s wireless security audit methodology is a result of research, proven techniques, advanced testing tools and the rich experience of our security experts in this area, to ensure maximum coverage of all possible threats from various dimensions.
Several wireless deployments are accessible beyond the acceptable physical premises protecting the infrastructure, which presents unique threats. Attackers can target wireless access points with a pre-defined and planned attack strategy. A wireless security assessment will help in detecting, locating and mitigating the risks posed by the current implementation of wireless network technology by taking a very pragmatic and systematic approach to assessing and reporting the current security posture of wireless networks.
  • Defining Testing Scope
  • Detection of Wireless Access Points as well as Rogue Access Points (if any)
  • War Driving
  • Wireless Network Vulnerability Scanning
  • Vulnerability Identification & Validation
  • Wireless Device Configuration Review & Report