Madsec | About

About

WHAT WE DO

MADSEC is a leading consulting company that specializes in information security, disaster recovery, risk surveys and penetration tests. For around 20 years, MADSEC has been supplying security hardening tests for network infrastructures, computing systems, applications and databases of companies from various fields including banking, insurance, education, finance, manufacturing, communications and hi-tech. The company provides information security consulting in a way that supports the customer’s strategic goals, while providing personal and trusted service.

The knowledge and the experience we can provide are based on many years of activity in the field. For years, our management has been working in the business, economic, banking and military fields. We therefore can provide the most updated service, coupled with specialization in the most advanced technologies, without losing the ability to see the broader picture.

Our uniqueness is our team, which combines technical excellence with personal service. Our specialization in the fields of communications, information technology and security will provide your IT team with direct access to experts with rich technical knowledge, who are also capable of analyzing, learning and understanding the specific information security needs of your organization.

WHAT WE DO

Tracking attacks on the organization and leaked information in the cyber room, and with the INSECT system, which was developed at MADSEC.

One of the most important tools for tackling modern cyber threats is up-to-date intelligence. Our cyber room, which is manned by security experts, monitors attacks all over the internet and follows trends in the cyber world on a frequent basis.

Additionally, MADSEC developed the INSECT detection and alert system. The system conducts focused searches for pre-defined keywords. Its objective is to expose information on cyber-attacks that are expected to take place against a pre-defined organization, and/or information on an attack that has already been carried out. The system spots leaked business information, including personal details of the company’s employees such as email addresses and leaked passwords. The INSECT system interfaces with several sources: IRC networks, forums, the large search engines (Google, Bing) and Darknet networks via Tor. The rate of planned cyber-attacks exposed by the system is 81.9%.

Standards and regulation are guided by a trained team whose extensive experience includes the preparation of organizations for various standards such as medical standards, ISO 27799, ISO 27001, SOX tests, authorized economic operator and other standards. The team is also experienced in helping organizations to comply with the guidelines of the Israeli Law, Information and Technology Authority, Israel’s Information Security Authority, etc.

Application penetration tests cover the applications in the organization, and are carried out according to the international OWASP methodology, which posits 48 categories for tests such as SQL injection, XSS and other tests. During the tests, a team of penetration testers looks for vulnerabilities in the organization's applications. The tests cover all types of applications: internal and external websites, SharePoint, various client-server applications (ERP, CRM, databases, etc.), mobile applications, etc.
The OWASP methodology also defines the “room for attack”, and the application penetration tests cover this entire space:

  • The detection mechanism – Carrying out attempts to bypass the mechanism, integrity tests, testing resiliency against masquerading, testing the policy of managing users and passwords, testing the locking mechanism.
  • User interface – Carrying out attempts to inject malicious input, attempts to disrupt the system’s availability, testing the system’s reaction to extreme situations, testing data saving by the customer, testing the representation of errors, testing the protection of output data and attempts to bypass the system’s logic.
  • Interface with the database – Testing the use of an encrypted medium for communications, testing the way connection data are stored, testing the compartmentalization between users, testing data access authorization policy, testing the way data are stored and encrypted in the database.