https://www.offchainsec.com/overview daily 1.0 2024-02-25 https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/74782ed1-63bc-480b-9d1f-e6c6ee187cde/OCS-C+Mockup+2+%281%29.jpg Overview - Infrastructure security We audit and test existing infrastructure for businesses and advise on how to securely architect and deploy new infra for startups. A complete review of your attack surface and cloud-native stack provides unparalled insight into how to better secure your resources. https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/64029720-97e7-4d77-8d3c-e317f55b0a9e/OCS-D+Mockup+2.jpg https://www.offchainsec.com/contact daily 0.75 2023-05-29 https://www.offchainsec.com/infrastructure-security daily 0.75 2023-05-29 https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/1646502216063-O2SBJXVSIRMCDET92TPG/unsplash-image-iGheu30xAi8.jpg Infrastructure Security More and more businesses move their infrastructure to the cloud every day and adopt the cloud-native, microservices model. Some organization are single cloud some are multi-cloud; some are a mix of on-premises assets and cloud while some are exclusively cloud-based. This new landscape presents challenges due to the flexibility and complexity of services offered and increases the opportunities for malicious actors. An infrastructure security assessment can help you significantly decrease your risk of attack and compromise. https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/1646503920419-6TWV7VEWBV7C6POLNEU3/unsplash-image-KiH2-tdGQRY.jpg Infrastructure Security During the external portion of the assessment OCS conducts recon and discovery against client identified assets and attempts to find exposed sensitive information, vulnerabilities and misconfigurations that could lead to compromise. For the internal portion of an infrastructure assessment OCS uses a client-provided account. This assume breach type of test enables our experts to emulate a credential breach as well as audit specific infra implementation details in your cloud environment leading to a more information rich and valuable engagement. https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/1646507650324-ASUQI9LIB1G8NKPZHYPD/unsplash-image-iGheu30xAi8.jpg Infrastructure Security - Our cloud security assessments help you understand: Is the cloud environment configured in accordance with best practices? Is it possible for a malicious actor to gain access to the cloud environment? Are accounts and services properly and securely configured? Can users manipulate and access unauthorized services or data within the environment? Are backdoors present? Does my cloud configuration somehow make my web app or blockchain app less secure? https://www.offchainsec.com/web-application-security daily 0.75 2023-05-29 https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/1646502304989-98O2FHNGC2ADRDTRS9PK/unsplash-image-iGheu30xAi8.jpg Web/API Security Web applications and APIs are ubiquitous and almost every crypto wallet, exchange, and crypto-related services provider has one. Millions of customers depend on your web apps and APIs to handle their sensitive crypto-related transactions and other services or related information. As web applications and traditional APIs (REST, SOAP, RPC) become more interconnected with the blockchain the risk of compromise increases greatly due to the complexity of these interactions. Web/API security assessments comprise four major phases. These include: 1. Recon 2. Mapping 3. Discovery 4. Exploitation https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/1646503857159-XAUYBIWPEZ4A202IE0W3/unsplash-image-KiH2-tdGQRY.jpg Web/API Security - Recon consists of gathering as much open source information on the company and target web apps' attack surface as possible using OSINT techniques. The information is used to plan and steer the assessment. Mapping the web application and API comes next and includes the enumeration of directories/subdomains, associated routes and other endpoints, authentication/authorization mechanisms, session management, and more. Discovery consists of using the gathered information to find known vulnerability classes as well as finding new ways to potentially compromise the application. Exploitation comprises actual attempts to exploit the discovered vulnerabilities and misconfigurations found in the previous steps. https://images.squarespace-cdn.com/content/v1/61ab8329d58c975c7fb56f7b/1646503688017-UXDOOSJ3PYVCW8RX4VN2/unsplash-image-iGheu30xAi8.jpg Web/API Security - Our web app security assessments help you understand: Is the web app vulnerable to the most common web app attacks found in the OWASP Top 10? Is it possible for a malicious actor to gain access to the application's service, data, or dashboard? Are accounts and services properly and securely configured? Can users manipulate and access unauthorized services or data within the environment? Does my web app configuration somehow make my cloud environment or blockchain app less secure?