Pentagon Infosec

We have proven our commitment to being a top-notch security services provider and have successfully gained the trust of our customers.

Contact Info
4th Floor, Mohali Tower, F 539, Phase 8B, Industrial Area, Sector 74, Sahibzada Ajit Singh Nagar, Punjab 160055
INDIA
info@pentagoninfosec.com
+1 917-5085334

SERVICES

Malware Analysis

We perform malware analysis for websites, systems, and networks. If your website is infected with malware, your SEO and website ranking will be badly affected. We have an expert malware analysis team that has removed and cleaned malware from various websites and servers.

Mobile Application Pen-testing

We support mobile pen-testing for Android and iOS. We perform mobile pen-testing using OWASP Mobile Security. We analyze the different levels at which attackers can exploit loopholes in the mobile application.

Security analysis and Server hardening

We perform security analysis and server hardening for various operating systems and cloud services such as Unix, Windows, AWS, Azure, Fedora, Nginx, etc. We have developed our own mechanism and follow our standard checklists to make your server more secure.

Network Penetration Testing

We provide external and internal network penetration testing, with or without credentials, so that your network infrastructure is secured against real-world attacks. We also support penetration testing of cloud-based services such as AWS and Azure.

Website Penetration Testing

We provide website pen-testing using standard methodologies such as OWASP Top and SANS 20 for various CMSs such as WordPress, Magento, and Drupal. We perform both automated and manual pen-testing. We do not rely only on automated tools; we also manually follow the organization's logic and the application's data flow.

Source code Analysis

Our professionals conduct source code reviews in highly secured environments (offline systems or systems without internet access). Source code analysis ensures security and discovers hidden flaws in the source code. We support various technologies such as PHP, .NET, Java, etc.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of information security standards developed in 2004 by Visa, MasterCard, Discover and American Express. Managed by the Payment Card Industry Security Standards Council (PCI SSC), this compliance program aims to protect credit and bank card transactions in the fight against data theft and fraud. While PCI DSS does not have the legal authority to enforce compliance, it is a requirement for any business involved in processing credit or debit card transactions. It is the best way to protect sensitive information, thus helping businesses build lasting and reliable relationships with their customers.

SSAE 18

SSAE stands for Statement on Standards for Attestation Engagements. Supervised by the American Institute of Certified Public Accountants (AICPA), SSAE 18 regulates how organizations report on their compliance control measures. These reports usually come in the form of a Service Organization Control (SOC) report, which provides the information needed to accurately assess the risks associated with external vendors. When examining Data Centre certifications, these reports provide the required evidence of compliance.

ISO 27001

The international standard ISO 27001:2013 describes how to manage information security to safeguard an organization’s information assets. As a standard, it offers an Information Security Management System (ISMS) implementation method that is common and widely recognized, eliminating any uncertainty over an organization’s ISMS investments. This aids a company in maintaining and enhancing the three information management pillars of:
• Confidentiality
• Integrity
• Availability

VAPT

Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing. The tests have different strengths and are often combined to achieve a complete vulnerability analysis. In short, penetration testing and vulnerability assessment perform two different tasks, usually with different outcomes, within the same area of focus. Vulnerability assessment tools identify the vulnerabilities that are present, but they do not distinguish between flaws that merely exist and flaws that can actually cause harm. Vulnerability scanners warn companies about flaws that already exist in their code and where they are found. Penetration testing attempts to exploit the vulnerabilities in a system to determine whether unauthorized access or other malicious activity is possible and to identify potential flaws in the application.

HIPAA

Health Insurance Portability and Accountability Act
Data security is becoming an increasingly important concern for healthcare organizations. For more than 15 years, HIPAA has been regulating the privacy and security of electronic protected health information (ePHI) utilized by health plans, healthcare clearinghouses, and healthcare providers. The scope of that regulation was extended with the passing of the HITECH Act in 2009.

GDPR

GDPR is designed to unify data privacy requirements across the European Union (EU). The legislation provides a single harmonized EU regulation with the expectation of standardizing how an organisation must manage personally identifiable information of EU employees and clients. It protects the data of all EU subjects regardless of where you collect, store or process it.
It requires that you strengthen data privacy controls, ensure the technology you use to manage personal data is fit for purpose, and that you can supply detailed, documented responses to requests for data. And that’s just the start.

Web Application Security

Web application security (also known as Web AppSec) is the idea of building websites to function as expected, even when they are under attack. The concept involves a collection of security controls engineered into a Web application to protect its assets from potentially malicious agents. Web applications, like all software, inevitably contain defects. Some of these defects constitute actual vulnerabilities that can be exploited, introducing risks to organizations. Web application security defends against such defects. It involves leveraging secure development practices and implementing security measures throughout the software development life cycle (SDLC), ensuring that design-level flaws and implementation-level bugs are addressed.

Cloud Security Assessment

A cloud security assessment is an evaluation that tests and analyzes an organization's cloud infrastructure to ensure the organization is protected from a variety of security risks and threats. The assessment is designed to:
• Identify weaknesses and potential points of entry within the organization’s cloud infrastructure
• Analyze the network for evidence of exploitation
• Outline approaches to prevent future attacks