What?

In the Industry 4.0 era development, cities are increasingly dynamic and the growth of information technology (IT) systems is involved in modern life.

Therefore, IT is popularly applied in organizations and businesses to serve for the “dynamics” and it has become an integral part of such organizations and businesses to meet instant information access demands, anywhere and anytime, even for essential operations in the field of finance, banking or control of critical systems. That is the reason why security of IT systems is becoming more and more essential and playing a prerequisite role in information security for organizations and businesses.

vess introduce

Why Choose Metfone ?

Necessity: IT systems always exist security weaknesses that can be exploited by hackers. Therefore, organizations should beat hackers to the punch, particularly, find out and overcome weaknesses in its IT systems before attacks by hackers.

However, because the periodic audit of an organization’s IT system is very complicated and requires high objectivity, organizations intended to use Penetration Testing by external providers. Penetration Testing, also known as Pentest, is a form of testing whether clients’ IT systems can be attacked by playing as hackers and simulating test attacks on clients’ systems. The main objectives of Pentest service are:

  • Identify security vulnerabilities in the system.
  • Give recommendations and remedies for vulnerabilities detected during pentest.
  • Check out the organization’s information security policies.
  • Test and evaluate users’ awareness when cyber-attacks take place in the organization

Our service: Based on description of vulnerabilities in the list of Top 10 ranked by OWASP, Viettel Group (Parent company of Metfone) has developed criteria to identify the vulnerabilities of a web system, including 7 key items:

  • Authentication management: Avoid vulnerabilities that cause account loss
  • Login session management: Avoid vulnerabilities that hijack the control of login
  • Decentralization: Avoid vulnerabilities that allow unauthorized functions to be performed
  • Interaction with back-end: Avoid vulnerabilities that cause data loss
  • Input data control: Keep information security for data that is sent to server
  • Output data control: Keep information security for users
  • Control of 1-day vulnerabilities of libraries and framework

Award: Over the past years, Viettel’s staff and experts have made constant efforts in the process of research and development of the most optimal products to serve for clients’ information security across the country and other clients in the region. During its operations, Viettel Group has researched and owned 50 zero-day vulnerabilities on various application platforms such as: Microsoſt, Zimbra, Facebook, Paypal, etc…

Thanks to important results in detecting vulnerabilities of popularly used various applications in the world, Viettel Group has been recognized as an excellent unit in the field of Information Security Audit, Supervision and Assurance.

Implementation method

Metfone provides 2 Pentest types of BLACKBOX and WHITEBOX:

  • BLACKBOX PENTEST: Refers to information security audit method by accessing to clients’ IT system from the Internet: Provision of internal data is not required, Audit as hacker, finding vulnerabilities only without impact on client’s system.
  • WHITEBOX PENTEST: In contrast to BLACKBOX, client is required to provide information related to internal and external IT system to perform WHITEBOX PENTEST: Testing as a network administrator, audit of potential risks from source code of the system, finding vulnerabilities only without impact on client’s.

OUTSTANDING ADVANTAGES

img oa
  • checked

    Typically, information on security weaknesses identified and exploited by pentest will be collected and provided to organizations to support organizations in planning strategies and priorities for increasing security for IT system of such organizations.

Price

Contact for detail