Top Banner

Website security assessment service | WEB vulnerability assessment

In Indonesia, it’s a fact that most of corporates still have very low awareness of website security. On the other hand, many skillful attackers are causing many security incidents in Indonesia at international level. It is extremely important for you to make sure that your website’s security is checked by a professional with the viewpoint of cyber attacking/software vulnerability since attackers have various ways to penetrate the security hole of your website. If the attackers break your security holes, the risk is not only your website will be jacked or edited, but your website/business can be used for a crime. That is why it is extremely important to strengthen your website’s security even if it’s a very simple website.

Website security assessment contents

  • We check and report on 12 crucial items of the assessment. It is a website vulnerability assessment service that can quickly scan the security level of your website.
  • The scope of assessment may be limited by the scale of the website security (number of pages, search function, presence/absence, and number of forms) that will be tested.
  • We conduct an assessment by using a security assessment tool that enable us to implement a comprehensive testing.
  • We also perform a manual test to identify the critical and potential risk by analysing source code.
  • We will provide some advises to solve the risks and show you the priorities of those risks to be solved.
Why website security assessment is necessary?
Websites owned by financial institutions are not the only ones who need security assessment and countermeasures. The ones who are not handling important and personal information also have a chance to get cyber-attacked.

Also in Indonesia, attacks such as unauthorized access and falsification of data are frequently carried out against websites. As a result, it can cause severe damages, such as personal information leakage, system down, access trouble, up to falsification of identity.

Most companies use websites as their communication channel with customers to convey the brand value and trust. There is a risk that the brand value will be greatly damaged if the security incident occurs on your website. To eliminate these risks and keep on maintaining a secure website, security vulnerability assessment is highly recommended.

We need to perform a proper security assessment and grasp the security vulnerability of our company's website, even just a primary one.

LOGIQUE will flexibly perform various security assessment according to the scale of the website. We also have a primary vulnerability assessment that can be easy and cheaper to start with.
The steps taken by LOGIQUE in conducting a Website Security Assessment
In conducting a website security assessment, Logique Digital Indonesia uses international standards as the reference, including:

Step 1
1 Reconnaissance
The stage where we will collect initial data or any other things needed for the client. After data is collected, we will be able to plan attacks more easily. Reconnaissance can be done in two ways, which are actively (directly touching the specified target) and passively (surveillance is done through intermediaries).

Step 2
2 Scanning
At this stage, an application is needed as a technical tool to collect various advanced data on the target that we have set. The data sought is more general, which is about the system they have.

Step 3
3 Gaining Access
We will gain access to take control of one or more network devices to further extract data from the target, then use the device to launch attacks on other targets.

Step 4
4 Maintaining Access
That is the stage where we will make several steps needed to remain in the target environment with the aim of collecting as much data as possible. In this phase, the attacker must remain idle so that they cannot be caught while using the host environment.

Step 6
5 Covering Tracks
The last stage where we will cover the track, forcing the attacker to take the steps needed to remove all the similarities during detection. Any changes that have been made, improved authorization, etc. All must return in a non-recognition state (not recognized) by a network administrator host.

LOGIQUE provides a variety of Cyber Security services.

A. Application Penetration Testing
A security test is a method of evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls.

1) Web Apps
A web application security test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.

2) Mobile Apps
The security test on mobile apps focuses only on evaluating the security of a mobile app on iOS or android devices. Like web apps, the process also involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities.

3) Desktop Apps
For those of you who might wonder if desktop app is still a thing, yes, of course. Most of enterprise applications are installation based and use hardware resources to run. Also, many real time systems are still desktop based due to their performance capabilities. In this case, LOGIQUE can also test these softwares for ensuring smooth functionality.

Desktop apps run on personal computers and work stations, a specific environment acts as a baseline for your test plan. One can test the complete application broadly in categories like Graphical User Interface, Functionality, Load, etc. A desktop application is usually used by a single user at a time and needs to be installed as an exe file hence highlighting the need for installation testing.

B. Network & Infrastructure Penetration Testing
Assessing security or penetration testing on servers, local network, and staff PC. This infrastructure test is a proven method of evaluating the security of your computing networks, infrastructure, and application weakness by simulating a malicious attack.

C. Code Review
Auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.

D. Cyber Security Awareness Training
Choosing a weak password or clicking a bad link is the example of personal decisions that even the best cyber security cannot help. This is the reason why cyber security awareness is vital especially among end users and programmers, and LOGIQUE can provide the training for you.

E. Cyber Security Consulting
LOGIQUE is ready to help your IT team to solve security problems and provide the best solutions. We can give technical advices to your IT team and strategic advices to your management team.

LOGIQUE can help you.

In Indonesia, we have performed security assessments on websites of a governmental organization, financial institution, up to a car manufacturer. Most of the cases, you will be shocked with the test result, but it is better at least you can notify the risk and make an appropriate strategy against it. LOGIQUE will help you lessen the risks until the risk gets almost none by monitoring its security constantly.

We are offering a special price for trial of our vulnerability assessment service.
10 juta

Although it is a simple assessment, we recommend that you know the status of your website’s security and how critical they are. Feel free to contact us for consultation. We would be pleased to respond to your questions in English, in Indonesian, or in Japanese about the details related to website security assessment service, such as assessment detail, report items, cost, duration, etc.