Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Enterprise Solution Professionals on Information and Network
Enterprise IT Solutions (Hardware, Software, Services)
Shared Service and Outsourcing
Technology Products Distribution and Trading
E-SPIN COMPANY PROFILE
E-SPIN has successfully works with organizations throughout Malaysia, and now globally in every industry, in the public
transportation and logistics companies, educational institutions and public sector agencies from federal to state government on various E-SPIN solutions and service portfolio.
who we serve
E-SPIN SDN BHD ALL RIGHT RESERVEDc E-SPIN SDN BHD ALL RIGHT RESERVEDc
E-SPIN COMPANY PROFILE
who we are
what we do
Vision:
To be leading enterprise solution provider in deliver enabling solution for customer to remain competitiveness intheir respective marketplace.
E-SPIN is a leading enterprise IT solutions and outsourcing service provider with a unique approach to enterprise solution
solutions consulting, network and system integration, web development and application integration, product training, skill
certification, project management, maintenance support, and managed outsourcing services to deliver end-to-end value
adding solutions for corporate, enterprise, government and reseller business customers.
Mission:
To deliver end-to-end value-adding solutions in Solution Buying Facilitation and Consultancy; Network SystemIntegration, International Distribution and Trading; E-Business/Web Development and Application Integration; Managed Services and Outsourcing.
Consulting based on client current situation and requirement.
Solutions development and plan presentment
Project hardware, software and service sourcing and procurement.
Project management and implementation serviive
System requirement analysis and design.
Prototype and mockup development.
Acceptance test, quality assurance, penetration test.
Training, certification and skill transfer.
Project hardware, software and service maintenance support.
Managed outsourcing.Solution Buying Facilitation, Consultancy
Network and System Integration, Distribution
Web Development and Application Integration
Managed Service and Outsourcing
E-SPIN SDN BHD ALL RIGHT RESERVEDc
E-SPIN stand for Enterprise Solutions Professional on Information and Network. E-SPIN is privately held companyestablished in 2005.
E-SPIN operates as the regional hub for E-SPIN's operations in Malaysia, Singapore, Brunei, Tailand, Indonesia,Philipine, Vietnam and other South East Asia (SEA) and near by countries such as India, China and Middle Eastcountries.
BUSINESS APPLICATION AND TECHNOLOGY TRANSFORMATION
AVAILABILITY , STORAGE AND BUSINESS CONTINUITY
SECURITY, RISK AND COMPIANCE MANAGEMENT
END-TO-END VALUE ADDING SOLUTIONS AND OUTSOURCING
erprise Resource Planning (ERP) and Enterprise Wide Management Application
omer Relationship Management
structure Virtualization
Business Domain
E-SPIN SDN BHD ALL RIGHT RESERVEDc
e
ructureng
ing
tion
E-SPIN SDN BHD ALL RIGHT RESERVEDc
Enterprise Solution Professionals on Information and Network
E-SPIN COMPANY PROFILE
E- Business & Web Solutions
IT Solutions (Hardware, Software, Services)
Business Process & Technology Outsourcing
Vulnerability Management
Vulnerability Management, Security Assessment, Penetration Testing
Network Vulnerability Assessment
Network Penetration Testing
Red Taming
Whether your organization requires a network vulnerability assessment, network penetration test, wireless network
assessment, web application assessment, product assessment, or a customized service offering, E-SPIN will ensure your
expectations are not only met, but exceeded.
The following are some of E-SPIN’ relevant service offerings:
Our consultants understand the challenges associated with
performing assessments against systems and networks that
require a high level of availability. E-SPIN has developed specific
methodologies for performing vulnerability assessments to deliver
valuable and accurate reporting while ensuring system availability
and minimal performance impact for critical systems. E-SPIN
can also perform vulnerability assessments for your organization
to fulfill audit and compliance requirements.
E-SPIN offers penetration testing as a distinct service, where
other companies often use the terms “vulnerability assessment”
and “penetration testing” interchangeably. While a vulnerability
assessment does provide value to a client when meeting auditory
or compliance requirements, it does not necessarily expose
the true business impact of a specific vulnerability or chain of
vulnerabilities.
Our consultants have spent years conducting penetration testing
against some of the nation’s most sensitive and well protected
networks; more often than not, achieving full control of the target
network and all computers systems on it. However, our goal is not
purely to penetrate systems and networks. Rather, the goal is a
qualitative business impact analysis of the issue.
E-SPIN has developed proprietary methodologies, combine with
best of breed tools and techniques for infiltration and escalation
of privilege on networks. E-SPIN penetration testing is much
more than simply running a single known vulnerability scanning
tool and reformatting the raw output.
The value of this service offering resides in our staff ’s expert
knowledge and use of several customized tools and techniques. At
your request, our consultants can also employ social engineering
techniques to help our clients obtain a more complete awareness
of human vulnerabilities.
It’s a well known fact that the nation’s adversaries are making a
concerted effort to penetrate our government and commercial
networks. Their goal is to steal both Intellectual Property and our
nation’s defense and intelligence secrets. Their efforts are relentless;
they have the expertise, time and resources, and capabilities - this
threat must be taken seriously.
E-SPIN can use a variety of tactics and efforts that can accurately
emulate a number of different threat levels - from the unskilled
script kiddie seeking glory to the nation-state level.
We live on the bleeding edge of Information Security; immersing
ourselves in the underground hacking community to learn hacker
tactics and tools.
Our consultants have a great amount of experience conducting
Red Team operations against certain Federal government
agencies and can easily translate this experience to the private
and corporate sector.
E-SPIN SDN BHD ALL RIGHT RESERVEDc
Vulnerability Management, Security Assessment, Penetration Testing
Periodic Vulnerability Scans
Wireless Network Assessment
Web Application Assessment
E-SPIN offers affordable periodic vulnerability scans that are designed
to identify potential vulnerabilities as they are made public. The first step
is to obtain a baseline of accessible systems and services. The follow-on
scans will then identify discrepancies from the baseline, alerting your
organization to these changes.
While this type of service is easy to automate and conduct without
human analysis, our consultants will be involved in each step, providing
a more thorough test. You define the time period, designate the network
to be scanned, and we will meet your needs. E-SPIN can also monitor
websites or even specific web pages for changes, alerting you to a
potential security breach.
Implementation of a secure wireless network can be a difficult task with
this ever-changing technology. New standards for wireless networking
have constantly been developed and introduced since the technology’s
creation.
Our consultants have specific expertise in wireless networking and
can readily demonstrate the security impact of your wireless network,
or those networks owned by other organizations in close proximity.
An improperly configured wireless network or client can provide
an anonymous back door into a corporate network, leading to the
compromise of IT infrastructure, confidential information, and
trade secrets.
Our consultants have performed web application assessments against
a variety of highly customized environments. Our methodologies
are heavily based upon highly skilled manual testing in conjunction
with advanced tools used to identify security issues. Long before the
terms “cross-site scripting” and “SQL injection” were coined, E-SPIN
consultants were assessing the security of web applications with a heavy
emphasis on the banking and finance industry.
Whether you have developed a customized web application or
implemented a COTS (Commercial Off-The-Shelf ) solution, E-SPIN
can provide assessment services to ensure that you and your client’s data
will remain protected.
E-SPIN consultants have expertise in performing wireless
assessments in both corporate and government verticals,
including retail wireless Point of Sales (WPOS) systems,
commercial hotspots (network and web application
authentication and billing methods), and industrial
environments.
E-SPIN SDN BHD ALL RIGHT RESERVEDc E-SPIN SDN BHD ALL RIGHT RESERVEDc
Vulnerability Management, Security Assessment, Penetration Testing
Certification and Accreditation Support
Product Assessment/Analysis
Audit Preparation/Recovery
Network Architecture Review
E-SPIN has a significant amount of experience in supporting several
different Federal government agencies and corporate clients develop
their C&A packages.
E-SPIN is experienced in the development of all phases and pieces
of the C&A package to include the ISSP (Information System
Security Plan), the Vulnerability Assessment, the Risk Assessment,
ST&E (Security Testing and Evaluation), POAMs (Plan of Action
and Milestones), and of course Penetration Testing.
Our staff has performed in-depth and highly technical testing of
custom and COTS hardware and software products on behalf of the
Government and Corporate clients. This was primarily conducted as
part of the Certification and Accreditation process required prior to
the deployment of COTS products on highly sensitive government
and /or corporate networks.
The goal of a product assessment is to assess the security of the
hardware and software, identifying security significant flaws.
Whether it’s a software or hardware solution that needs to be
evaluated, E-SPIN can meet your needs.
E-SPIN engineers have approximately 5 years experience acting in
the role of independent auditor for the government agencies and
corporate clients, and as such, are uniquely qualified to assist your
organization in preparing for an audit.
In many cases we know exactly what the auditor’s tactics and
techniques will be, and we can recommend strategies to ensure that
your organization is treated fairly, while increasing the security of
your information system assets.
The foundation of a secure network lies not in whether you have
a firewall or Intrusion Detection System, but in the underlying
architecture of your network.
Our experience as auditors and consultants travelling the country
gives us a significant amount of knowledge in determining a good
network from a network that needs improvement. We are prepared
to assist your organization in designing a secure network from the
ground up, or reviewing an existing implementation.
E-SPIN SDN BHD ALL RIGHT RESERVEDc
Vulnerability Management, Security Assessment, Penetration Testing
Security Policy Development and Review
Security Training
Security Awareness Testing
Custom Solutions
E-SPIN can perform a variety of real-world testing techniques to
evaluate the effectiveness of your organization’s security awareness
training program.
These tests range from sending forged emails with simulated
malicious attachments to more complex social engineering
attacks. As with all our service offerings, E-SPIN stands willing
to customize our offerings to meet your organization’s needs.
E-SPIN specializes in providing custom solutions to meet our
clients’ needs. Feel free to contact us about your organization’s
requirements.
We have experienced in house secure application
developer delivered various custom web/application program,
vulnerability mitigation module, legacy application migration to
secure web application/ portal development.
Our staff has performed dozens of security audits which have
included the review and critique of existing security policies
against government, international, corporate guidelines and
legislation. We can help you determine whether your organization
is compliant, and recommend a path to compliance if current
policies are not effective.
While some of our consultants may be experienced instructors, we
are ethical hackers and practitioner - plain and simple. At E-SPIN
you will not find career instructors with endless certifications and
little real world experience.
We are a rare breed of InfoSec professionals with a true desire
to share information and train your personnel in an ego-
free environment. Our training course offerings range from
penetration testing techniques and tool usage, secure software
development, to vulnerability resolution and consultancy. We can
provide customized training based on your needs.
E-SPIN SDN BHD ALL RIGHT RESERVEDc E-SPIN SDN BHD ALL RIGHT RESERVEDc
������������ ����������������������������������������
���������� �!�"��#�$�%�&'()*+,-./012340156,7/416168,)/58/49:,
�;< ������=>�?�� �����
�@�� �����AB�������C�������C��D�E��F
< ���������E���=@�EG����HIJ ��� �E��H
������������������ ���� ��� �����
��������������������������������������
���������������������������
� !"#$!%&'!(##)*+,! #&!-.'!/#0-!1#/2&'.'+0*3'!�4!-&%*+*+,!#5'&*+,6!
"#$!%&'! #$+7!*-!%-!89:;�<=!>'!%&'!"#$&!#+'90-#2!1'+-'&! #&!
'?1'2-*#+%(!�4!-&%*+*+,!%+7!1'&-*@1%-*#+!2&#,&%/0!*+!%!3%&*'-"!# !
7'(*3'&"! #&/%-0!*+1($7*+,A!0'( 92%1'7!1#/2$-'&!-&%*+*+,6!*+0-&$1-#&9
('%7!1#$&0'0!%+7!�4!1'&-*@1%-*#+!B##-!1%/20=!C'-!89:;�<!/''-!%+7!
'?1''7!%((!# !"#$&!'3'&"7%"!1#&2#&%-'!-&%*+*+,!+''70=!
>'!$+7'&0-%+7!-.%-!'3'&"#+'!.%0!%!2&' '&&'7!/'-.#7!# !('%&+*+,=!
>*-.!-.%-!*+!/*+76!D'!.%3'!B&#%7'+'7!#$&!0'('1-*#+!-#!-%)'!*+-#!
%11#$+-!-.'!7*5'&'+-!-'%1.*+,!/'-.#70!%3%*(%B('!-#7%"=!<#D!"#$!
1%+!1.##0'!-#!*+1&'%0'!"#$&!0)*((!0'-!B"!-%)*+,!1#$&0'0!-.%-!B'0-!/''-!
"#$&!('%&+*+,!0-"('=!
E$&!,#%(!*0!-#!B&*+,!*+0-&$1-*#+!-#!(* '!&',%&7('00!# !-.'! #&/!*-!-%)'0=!F&#/!0'( 90-$7"!%+7!#+(*+'!1#/2$-'&!-&%*+*+,!-#!%!#+0*-'!-&%*+*+,!
1(%00&##/6!"#$!%&'!0$&'!-#!@+7!*-!.'&'=!!�+! %1-6!"#$!D*((!@+7!%!D*7'!&%+,'!# !2$1-0!2'& '1-("!/%-1.'7! #&!"#$&0!'3'&!1.%+,*+,!
+''70=!>.'-.'&!"#$!+''7!%!#+'!-*/'!-$-#&*%(!#&!%! $((!B(#D!G'&-*@1%-*#+!H##-!G%/26!89:;�<!*0!.'&'!-#!0'&3'=!
:'( 90-$7"!1#/2$-'&!-&%*+*+,!17!1#$&0'0!%&'!2%1)'7!D*-.!*+-'&%1-*3'!1#+-'+-!
0$1.!%0!%+*/%-*#+06!3*7'#06!+%&&%-'7!0-'29B"90-'2!*+0-&$1-*#+06!1#/2$-'&!(%B06!
.%+709#+!'?'&1*0'06!I$*JJ'0!%+7!2&%1-*1'!'?%/0=!;&# '00*#+%(!%+7!4'1.+*1%(!
K' '&'+1'!H##)!B"!7#/%*+!'?2'&-!*0!-.'!2'& '1-!/'7*$/! #&!-.#0'!D.#!D*0.!
-#!('%&+!%-!-.'*&!#D+!2%1'=
L'!1#/2$-'&!-&%*+*+,!%$-.�!#+!-.'!0-$7"!,$*7'0!%&'!'?2'&-0!*+!-.'*&!&'(%-'7!
@'(70!%+7!.%3'!D&*--'+!-.'!-'?-!D*-.!-.'!&'%7'&!*+!/*+7=!G%0'!0-$7*'06!.%+70!#+!
'?'&1*0'06!%+7!&'3*'D!I$'0-*#+0!&#$+7!#$-!-.'!1.%2-'&0!%+7!&'*+ #&1'!'3'&"-.*+,!
-.%-!.%0!B''+!('%&+'7=!�+!%77*-*#+6!-.'!1#$&0'D%&'!-.%-!%&'!$0'7! #&!1'&-*@1%-*#+!
'?%/!2&'2%&%-*#+!-"2*1%(("!/%2!-#!-.'!&'(%-'7!'?%/M0!#BN'1-*3'0=
L'0'!#+97'/%+7! $((!/#-*#+!1#/2$-'&!-&%*+*+,!3*7'#0!7'(*3'&!*+0-&$1-#&9('7!
-&%*+*+,!*+!-.'! #&/!# !%! $((!/#-*#+!3*7'#=!O((!"#$!+''7!-#!7#!*0!D%-1.6!(*0-'+!
%+7!('%&+=!L'!*+0-&$1-#&!D*-.*+!-.'!-&%*+*+,!3*7'#!('%70!"#$!-.&#$,.!-.'!-%0)0!
*+!%!7'-%*('76!#+'9#+9#+'!/%++'&=!4%)'!%73%+-%,'!# !-'1.+#(#,"!D*-.! $((!
/#-*#+!3*7'#0=!
PQRSTUVWXYZ[V\X]WZ__aXPY]X]TUQWZb[XZ_\XcWQdV[[Q_ZbXZ_\X]Vef_eZbXgVdVWV_eVXYQQh
PQRSTUVWX]WZ__XPQTW[ViZWV
PQRSTUVWXj]X]WZ__Xk\VQ[
������������������ ���� ��� ����������������������� ���� ��� �����
��������������������������������������
���������������������������
������������ �!��������"�##������������������������������
$%&'()*+,&-./01/02&(%&34)05./02&'()+&$678)9/0,99&54+,,+&-(&-.,&
0,:-&3,;,3<&'()*;,&5(=,&-(&-.,&+/2.-&>345,?&$678)9/0,99&91/33&
5,+-/@54-/(0&-+4/0/02&/9&-.,&9=4+-,9-&=(;,&'()&540&=41,?&A.,0&
'()&45./,;,&-.,&3,;,3&(%&5,+-/@54-/(0&'()&B,9/+,<&,=>3(',+9&C/33&
+,5(20/D,&40B&+,C4+B&'()+&455(=>3/9.=,0-?&&
$0&%45-<&=40'&,=>3(',+9&+,E)/+,&5,+-/@54-/(0&%(+&9>,5/@5&F(8&
+(3,9?&G;,0&/%&'()&43+,4B'&.4;,&-.,&F(8&91/339&40B&,:>,+/,05,&
+,E)/+,B&/0&(+B,+&-(&>,+%(+=&'()+&F(8&9)55,99%)33'<&5,+-/@54-/(0&
C/33&,0.405,&'()+&=4+1,-48/3/-'?&641/02&4&5(=>)-,+&849,B&
-+4/0/02&53499&(+&5.((9/02&(09/-,&5(=>)-,+78)9/0,99&91/33&
-+4/0/02&53499,9&C/33&>+,>4+,&'()&%(+&>499/02&-.,&4>>+(>+/4-,&
5,+-/@54-/(0&,:4=?&&
H(=,-/=,9&'()&F)9-&540*-&8,4-&-.,&53499+((=&9,--/02?&I,-&>,+9(043&4--,0-/(0&40B&
/0-,+45-&C/-.&'()+&/09-+)5-(+&8'&-41/02&40&/09-+)5-(+J3,B&5(=>)-,+78)9/0,99791/33&
-+4/0/02&53499,9&4-&'()+&5(+>(+4-,&(K5,?&L&5(=8/04-/(0&(%&3,5-)+,<&B,=(9-+4-/(0<&
40B&.40B9J(0&3489<&43(02&C/-.&40&455,99/83,&/09-+)5-(+&8+/02&3,4+0/02&/0-(&%(5)9?&
M)9-(=/D,&4&3,4+0/02&5)++/5)3)=&-.4-&=,,-&'()+&5(+>(+4-,&-+4/0/02&0,,B9?&
L55,3,+4-,B&-+4/0/02&4-&/-9&8,9-N&$67O)9/0,99&H1/33&M,+-/@54-/(0&O((-&M4=>9&
B,3/;,+&/0-,09,&-+4/0/02&/0&9>,5/@5&91/339&40B&-,5.0(3(2/,9&/0&4&0(J.(3B9J84++,B&
,0;/+(0=,0-?&A/-.&0(&B/9-+45-/(09&(;,+&4&9>,5/@,B&-/=,&>,+/(B<&(03'&/0JB,>-.<&
%(5)9,B&/09-+)5-/(0<&'()&C/33&3,4+0&C.4-&'()&0,,B&/0&-.,&=(9-&,P,5-/;,&=400,+&
>(99/83,?
QRSTUVWTXUYZ[\]U_RRa]bc_SS[S
QdeVSR[SS]fgcc]b[UThW_TXR]eXXT]b_ijS
L%-,+&'()&.4;,&@0/9.,B&'()+&$6&H,+;/5,&k4042,=,0-&-+4/0/02&
40B&+,45.,B&-.,&$6$l&5,+-/@54-/(0&'()&C/33&@0B&-.4-&'()+&91/339&
4+,&4>>+,5/4-,B&40B&8,--,+&F(89&4C4/-?&m()&=4'&,;,0&B,5/B,&-(&
-+'&I$LM&M,+-/@,B&$0%(+=4-/(0&H,5)+/-'&n+(%,99/(043&40B&
G:>,+-&-+4/0/02&-(&8,5(=,&,;,0&=(+,&91/33,B&40B&8+(4B,0&'()+&
.(+/D(09?&
A.,-.,+&'()&C/9.&-(&3,4+0&=(+,&48()-&H(%-C4+,&n+(2+4==/02&
-.+()2.&I$LM&5,+-/@,B&$6&-+4/0/02&(+&/%&'()&C/9.&-(&2,-&$6$l&
$6&H,+;/5,&k4042,=,0-&5,+-/@54-/(0<&$678)9/0,99&54+,,+&-+4/0/02&
/9&-.,&C4'&-(&2(?&o,9,&5()+9,9&4+,&%(5)9,B&-(&=,,-&'()+&2(439&40B&
5(=,&/0&4&;4+/,-'&(%&%(+=4-9&-(&54-,+&-(&40'&3,4+0/02&9-'3,<&95.,B)3,&
(+&8)B2,-?&A,&.4;,&'()+&9)55,99&/0&=/0B?&l,-&)9&.,3>&'()&8,5(=,&
4&5,+-/@,B&$6&78)9/0,99&>+(%,99/(043?&
������������������ ���� ��� �����
��������������������������������������
� !���"�������������#��������������$�� ��������
%&'()*+,-+./0,1/2+34/+-536+527,4,48+74.+9/25,:975,34+-30;5,34+
<32+93263275/=+831/24>/45+74.+?32@,48+623</--,3470A+B/+72/+
-57C/.+?,5D+623</--,3470+74.+/E6/2,/49/.+.3>7,4+/E6/25+53+
./0,1/2+,4-52;9532&0/.+527,4,48+32+9/25,:975,34+F335+97>6-A+
G3;+974+.,2/95+;4./257@,48+5D/+9/25,:975,34+7<5/2+5D/+
527,4,48+?D/4+H3;2-+>/>32H+,-+-5,00+<2/-D+34+5D/+0/724/.+
-;FI/95+>755/2-A+
%&'()*+,-+JKGL%K)M*+N/25,:/.+(239532+74.+OM'L+
PO,8D&'57@/-+M40,4/+'/9;2/.+L/-5,48+N/45/2+(231,./2Q+,4+
R707H-,7+7;5D32,S/+53+6231,./+-/9;2/=+623</--,3470+5/-5,48+
34+172,3;-+)LTF;-,4/--+-@,00+9/25,:975,34+5/-5,48+<32+172,3;-+
623</--,3470+,4-5,5;5,34-+74.+7;5D32,5H+7--39,75,34A+
%&'()*+9/25,:/.+6239532+-57C+974+-/5+;6+74.+>7478/+
5/>63272H+32+62,175/+5/-5,48+-,5/-+75+934</2/49/-=+
93263275,34-=+;4,1/2-,5,/-+32+74H+6079/+?,5D+)45/24/5+
799/--+53+92/75/+7+9;-53>,S/.+4/5?32@+<32+H3;2+5/-5,48+
623827>+P<32+F;0@+34-,5/+527,4,48+74.+9/25,:975,34QA+
%&'()*+70-3+-/5+;6+74.+>748/+7+62,175/+5/-5,48+9/45/2+
<32+H3;2+32874,S75,34+32+?32@,48+623</--,3470+62/</2+53+
;4./257@,48+9/25,:975,34+5/-5+,4+5D/+5/-5,48+9/45/2A
�������������U��� �����V�WXYWZ[�\]���������\��\ �����������U��� �����V�_ZYXW��]�abcdcefgehcijkjlcmincopqrhcmstujljcrvwxlswwcyslztshc{j|jlwjtjcmstujljhc}~oe�cmszjkxl�cij�jhc�skjl�btd��c���q�c~~eoceo��ccc��c���q�c~~e�c}~�~cccc��cxl�b�sgw�xl�bt�d�b|ccc��c�zz��pp���dsgw�xl�bt�d�b|
�32+93263275/+74.+831/24>/45+78/49,/-=+60/7-/+<//0+<2//+53+9345795+3;2+9/25,:975,34+74.+527,4,48+934-;05745+<32+7--,-5749/+<32+5D/+
9/25,:975,34+74.+527,4,48+679@78,48A
���������������������� �������¡
�¢
About E-SPIN
E-SPIN SDN BHD 714753-U
E-SPIN OUTSOURCING SDN BHD 825417-V
No . 21-2, Jalan PJU 8/3B, Perdana Business Centre, Damansara Perdana,
47820 Petaling Jaya, Selangor.
T: (603) 7728 2866 F: (603) 7725 4757
W: http://www.e-spincorp.com
E-SPIN is the leading technology solution and outsourcing vendor in providing solution consulting, buying facilitation, network and system integration, e-business and web solutions, business /technology share service and outsourcing. More information available at www.e-spincorp.com