
EXPERIENCED SOLUTIONS

DEPARTMENT OF STATE

SECURITY ENGINEERING AND SUPPORT SERVICES

SCS performs mobile device, mobile application, web application, Local Area Network (LAN) and Wireless Local Area Network (WLAN) penetration testing, vetting, and assessments with various tools and techniques (commercial and open source). Research and test new cyber security tools and techniques. Scan, discover, remediate, securely configure, monitor, and maintain the IT security of all assets on the network. Assess the risk level and threat exposure of the Information System and its assets to cyber threats and vulnerabilities. Present all findings and recommendations to management and senior leadership.
 

DEPARTMENT OF HOMELAND SECURITY

PENETRATION TESTING SERVICES

Conducted onsite penetration tests from an insider/outsider threat perspective. Produced advisory reports for developers, engineers and high-level management regarding 0-day exploits, CVE vulnerabilities, and results from manual testing. Identified numerous zero-day vulnerabilities including RCE, XSS, SQL Injection and CSRF; rooted FireEye and BlueCoat appliances. Created a virtualized lab for exploit creation, malware distribution analysis and security product testing. Collaborated with external clients to conduct audits and penetration tests and present results to senior management. Performed security reviews of application designs, source code and deployments covering all types of applications (web applications, web services, mobile applications, thick client applications, SaaS). Tested over 50 applications ranging from small open source applications to large multi-tier COTS appliances. Developed a virtualized test environment with penetration testing tools including Burp, Kali Linux, WebInspect, AppDetective, Fortify, etc.

Department of Homeland Security Logo, a client of Secure Consulting Solutions
The Bishop Fox Logo, a client of Secure Consulting Solutions

BISHOP FOX

WEB PENETRATION SERVICES FOR GOOGLE PARTNERSHIP PROGRAM

Provided web penetration testing services at Bishop Fox, helping clients such as Kayak.com achieve approval for the Google Partnership Program. This involved conducting a thorough analysis of the website's security vulnerabilities and identifying potential weaknesses that could be exploited by attackers. By leveraging our expertise in web security, we helped ensure that the website met the security requirements necessary to be approved as a Google partner. Our work played a crucial role in helping the website achieve its goal and obtain approval for the Google Partnership Program.

Bishop Fox is a cybersecurity consulting firm that specializes in providing comprehensive security services to businesses of all sizes. Founded in 2005, the company offers a wide range of services, including penetration testing, application security, cloud security, network security, social engineering, and more.

QUALTRICS

WEB PENETRATION SERVICES FOR XM WEB APPLICATION AND BETA TOOLS

We offered our expertise to Qualtrics, a leading experience management software company. Our role involved conducting web penetration testing for the XM web application, including all of its functionalities, as well as testing for all beta products. Additionally, we provided a red team assessment for Qualtrics' network, which included thousands of endpoints, to identify and mitigate potential security vulnerabilities. Qualtrics is a leading experience management software company founded in 2002. The company's platform helps organizations collect and analyze customer, employee, and market insights to make data-driven decisions. Qualtrics offers a range of solutions, including customer experience, employee experience, product experience, and brand experience. In 2018, Qualtrics was acquired by SAP for $8 billion, making it the largest acquisition in SAP's history.

The Qualtrics logo, a client of Secure Consulting Solutions

ASCENDANT ENGINEERING SOLUTIONS

NIST CYBERSECURITY DFARS CLAUSE 252.204-7012 800-171
ASSESSMENT SERVICES

Assessment Services include audits and compliance assessments against the NIST 800-171 standard, after which we advise on security program enhancements and control implementation where gaps are identified. Where possible, we identified ways to reduce the scope of our client's effort. For example, hardening client-hosted servers and networks is costly and time-consuming. We found it was more expeditious and cost-effective to isolate CUI data on FedRAMP-certified, cloud-based servers. Once we had helped our client identify their requirements, SCS created the NIST 800-171 required document sets, including a System Security Plan (SSP) that documents how you protect and ensure control of CUI and any additional guidance based on client or agency requirements. We developed supporting compliance programs, including cost-effective alternative approaches, to implement and maintain (continuous monitoring) the required controls for transmitting or storing this data in non-federal information systems.

The Ascendant Engineering Solutions Logo, a Client of Secure Consulting Solutions
Department of State logo, a client of Secure Consulting Solutions