Performance Lab Services proposition

  • Published on
    16-Jul-2015


Transcript

SERVICES

CONTENTS
  • EXECUTIVE SUMMARY
  • BUSINESS PROFILE
  • COMPETITIVE ADVANTAGES
  • FUNCTIONAL TESTING
      Our services
      Case study. Retail Bank successfully implemented Core Banking System in 6 months
  • PERFORMANCE TESTING
      Our services
      Case study 1. Telecom operator supports more than 107 million mobile subscribers
      Case study 2. The largest retail network fixed delay in EOD procedure
  • AUTOMATED TESTING
      Project goals
      Case study 1. Bank decreased acceptance testing time 20x
      Case study 2. Software development company saved 50% support service time for realtime monitoring
  • USABILITY TESTING
      Our services
      Case study. Social network increased site conversion 3x
  • QA CONSULTING
      Our services
  • SECURITY TESTING
      Our services

EXECUTIVE SUMMARY

Our offices
Our headquarters are located in Santa Clara, CA, USA; we also have offshore testing centers in Russia (Moscow, Izhevsk, Tyumen).

  • We have been in the market since 2008
  • Our core activity is software testing and quality assurance
  • Prize winner of the Leadership Index 2013 employer rating
  • 350+ employees

Annual turnover
  • 2010: $1.5
  • 2011: $4.9
  • 2012: $8.6
  • 2013: $9.2
  • 2014: $10.5

Some of our customers
  • Manual and automated functional testing of mobile applications and services
  • Functional, load testing and test automation of 10+ bank systems
  • Load testing of EMC Documentum

BUSINESS PROFILE

SOFTWARE TESTING AND QUALITY ASSURANCE
  • SECURITY TESTING
  • USABILITY TESTING
  • PERFORMANCE TESTING
  • FUNCTIONAL TESTING
  • AUTOMATED TESTING
  • QA CONSULTING

Mobile, Web, Desktop, IPTV, Web services and API, Terminals and ATMs

PARTNERS: [partner logos]

COMPETITIVE ADVANTAGES

OUR RATES ARE:
  • functional tester (manual): $10+/hour
  • performance engineer: $40+/hour
  • functional tester (automation): $30+/hour

  • DEEP EXPERTISE IN PERFORMANCE TESTING AND AUTOMATION TESTING
  • WIDE USE OF VENDORS' TOOLS (HP, IBM, ORACLE) AND FREE INSTRUMENTS (SELENIUM, JMETER, TESTLINK)
  • SELF-DEVELOPED TOOLS FOR TESTING THAT REDUCE THE SERVICE COST
  • 350+ FULL-TIME TESTING SPECIALISTS, 100+ PROJECTS A YEAR
  • FULL RANGE OF TESTING SERVICES
  • CORE ACTIVITY OF PERFORMANCE LAB IS SOFTWARE TESTING SERVICES
  • LOCAL TEAMS AND LOW-COST LOCATIONS AROUND THE WORLD

FUNCTIONAL TESTING

FUNCTIONAL TESTING: OUR SERVICES

TYPE OF SERVICES
  • FUNCTIONAL TESTING
  • REGRESSION TESTING
  • INTEGRATION TESTING
  • USER ACCEPTANCE TESTING
  • DOCUMENTATION TESTING
  • INSTALLATION TESTING

TOOLS: [tool logos]

FUNCTIONAL TESTING: PROJECT GOALS
  • REDUCE FINANCIAL AND REPUTATION RISKS RELATED TO DEFECTS
  • REDUCE EFFORTS SPENT ON TESTING BY BUSINESS USERS
  • ENSURE COMPLIANCE SOURCE CODE VS REQUIREMENTS
  • CUT DEVELOPMENT AND MAINTENANCE COSTS AS WELL AS TIME TO MARKET
  • ENSURE THE OPERABILITY OF THE WHOLE SYSTEM, NOT INDIVIDUAL MODULES

FUNCTIONAL TESTING: PROJECT SCOPE

Phases: ANALYSIS PHASE, EXECUTION PHASE, REPORT
  • ANALYZE BUSINESS PROCESSES
  • DEVELOP TESTING METHODOLOGY
  • SET UP TEST MANAGEMENT TOOLS
  • DEVELOP TEST REQUIREMENTS
  • DEVELOP TEST CASES
  • EXECUTE FIRST TEST ITERATION
  • DOCUMENT AND FIX THE DEFECTS
  • EXECUTE SECOND TEST ITERATION
  • PREPARE TEST REPORT

FUNCTIONAL TESTING: PROJECT RESULT

Test report contents
  • Number of errors that occur during installation and their severity
  • Compliance of source code with requirements described in the specification
  • Number of defects in new functionality and their severity
  • Impact of the changes on the system quality
  • Assess the quality of the technical documentation, its relevance, completeness and consistency
  • Operability of business processes passing through several systems or modules
  • Compliance of developed functionality vs business requirements

Test types covered: INSTALLATION TESTING, DOCUMENTATION TESTING, UAT, INTEGRATION TESTING, FUNCTIONAL TESTING, REGRESSION TESTING

FUNCTIONAL TESTING: CASE STUDY
RETAIL BANK SUCCESSFULLY IMPLEMENTED CORE BANKING SYSTEM IN 6 MONTHS

CUSTOMER PROFILE
Retail bank. Startup. Finance sector. The main line of business: consumer loans.

PROJECT GOALS
  • FUNCTIONAL AND REGRESSION TESTING: Mitigate business development and financial risks related to defects
  • INSTALLATION TESTING: Guarantee compliance of source code vs functional specification
  • INTEGRATION TESTING: Ensure availability of all banking systems after integration

TEAM STRUCTURE
[Org chart: customer, project manager, business, development, analysis, test leads, test engineers]

FUNCTIONAL TESTING: CASE STUDY. PROJECT RESULTS
RETAIL BANK SUCCESSFULLY IMPLEMENTED CORE BANKING SYSTEM IN 6 MONTHS

Test report contents
  • 150 critical defects that can cause system failures and financial losses were found and fixed during the system implementation
  • Implemented Test Management System and test process regulations
  • Developed ~950 test cases & 7 test plans
  • Implemented installation testing process for all system updates

[Chart: Functional testing defects and Regression testing defects by severity (Critical, High, Medium, Low)]
[Chart: Open defects statistics; defects count (0 to 25) by date, 04.05.2013 to 02.07.2013]

PERFORMANCE TESTING

PERFORMANCE TESTING: OUR SERVICES

TYPE OF SERVICES
  • PERFORMANCE TESTING
  • LOAD TESTING
  • VOLUME TESTING
  • SYNTHETIC TESTING
  • RELIABILITY TESTING AND FAILOVER TESTING

TOOLS: [tool logos]

PERFORMANCE TESTING: PROJECT GOALS
  • REDUCE THE RISK OF SYSTEM FAILURE UNDER LOAD
  • LIST THE NECESSARY CHANGES IN SYSTEM ARCHITECTURE OR INFRASTRUCTURE THAT CAN SOLVE PERFORMANCE PROBLEMS
  • OPTIMIZE INFRASTRUCTURE COSTS
  • EXPLORE MAXIMUM PERFORMANCE OF SYSTEM VS COMPANY BUSINESS FORECAST

PERFORMANCE TESTING: PROJECT SCOPE

Phases: ANALYSIS PHASE, EXECUTION PHASE, REPORT
  • ANALYZE PRODUCTION ENVIRONMENT STATISTICS
  • ANALYZE TEST RESULT
  • IDENTIFY BOTTLENECKS
  • DEVELOP RECOMMENDATIONS
  • PREPARE TEST REPORT
  • DEFINE BUSINESS PROCESSES AND TEST CASES
  • IDENTIFY PERFORMANCE ACCEPTANCE CRITERIA
  • DEVELOP LOAD SCRIPTS, DATA POOLS AND EMULATORS
  • DEPERSONALIZE DATABASE
  • SET UP MONITORING TOOLS
  • CONFIGURE TEST ENVIRONMENTS
  • EXECUTE TESTS

PERFORMANCE TESTING: PROJECT RESULTS

Test report contents
  • Maximum count of users who can work in the system at the same time without crashing or performance degradation
  • Performance of the new system version vs the previous one
  • Performance characteristics of the IT system: runtime of user operations, usage of server hardware resources (CPU, Memory, I/O)
  • How data growth impacts the system's performance
  • System performance during continuous load with large amounts of data
  • Performance of different hardware configurations as well as their scaling features
  • Compliance of actual performance of the hardware configuration with vendor's commitments
  • Number of business process failures after the scrapping of different system components
  • System disaster recovery time and necessary conditions for recovery
  • Changes in the system's performance after system recovery

Test types covered: PERFORMANCE TESTING AND LOAD TESTING, VOLUME TESTING, SYNTHETIC TESTING, RELIABILITY TESTING AND FAILOVER TESTING

PERFORMANCE TESTING: CASE STUDY 1
TELECOM OPERATOR SUPPORTS MORE THAN 107 MILLION MOBILE SUBSCRIBERS

CUSTOMER PROFILE
  • Large Telecom operator in 6 countries
  • One of the most highly loaded billing systems in the world
  • More than 107 million mobile subscribers

Our customer operates in the telecommunications industry, offering mobile and fixed voice, broadband, pay TV as well as content and entertainment services in one of the world's fastest growing regions.

SYSTEM TECHNICAL PROFILE
  • High-loaded and complex system
  • 100,000 transactions per second
  • 7 main systems were load tested
  • 40+ servers in production environment
  • Different load instruments (HP LoadRunner, JMeter, Oracle) were used with a wide range of protocols (HTTP; SMPP; SOAP; IVR; MSMQ; Oracle 2-tier; Citrix)
  • Distributed transaction model

PROJECT GOALS
  • Performance testing: Reduce financial and reputation risks related to system performance degradation after new system release or update

Tools and languages: LOADRUNNER (C/JAVA), JMETER (JAVA), ORACLE (PL/SQL)

[Diagram: EXCHANGE PROTOCOL DIAGRAM]

PERFORMANCE TESTING: CASE STUDY 1
SIMPLIFIED BILLING SYSTEM DIAGRAM OF TELECOM OPERATOR

[Diagram: simplified billing system of the telecom operator]

PERFORMANCE TESTING: CASE STUDY 1. PROJECT RESULT
TELECOM OPERATOR SUPPORTS MORE THAN 107 MILLION MOBILE SUBSCRIBERS
  • 20 critical defects that can cause system failures under load were found and fixed during the regular performance testing
  • Implemented regular performance testing process
  • Created control point with performance characteristics of the IT system: runtime of user operations, server hardware resources (CPU, Memory, I/O)

[Diagram: Performance Lab test methodology; releases 4.6.1, 4.6.2, 4.6.3 ... N with test reports (Test Report.Release.4.6.2.1, 4.6.2.2, 4.6.2.3 ... N) and outcomes READY TO INSTALL or CRITICAL ERRORS]

PERFORMANCE TESTING: CASE STUDY 2
THE LARGEST RETAIL NETWORK FIXED DELAY IN EOD PROCEDURE

CUSTOMER PROFILE
Large retail network. Retail Network runs 106 hypermarkets and 23 supermarkets in 60 ites and has 6 million active clients. 27800 employees.

CUSTOMER PROBLEMS
These problems were business critical. Insufficient system performance leads to delays in the calculation and reporting. End of Day procedure takes more than 8h, that means malformation inventory imbalance.

PROJECT GOALS
Compare performance of different hardware configurations and select optimal system-specific configuration.
  • BWP DS8300
  • BW HANA
  • BW EXADATA
  • BWP IBM FLASH STORAGE

SYSTEM TECHNICAL PROFILE
SAP BW is used for financial accounting, analytics and logistics. Active user counts 490, logged user counts 1000. The average number of weekly generated reports is 48904.

[Diagram: WEB SERVICE, BEX, OLAP PROCESSOR, JMETER, SAP BW, ORACLE, SAP HANA, EXADATA, ORACLE + FLASH STORAGE]

PERFORMANCE TESTING: CASE STUDY 2. PROJECT RESULT. PART 1
THE LARGEST RETAIL NETWORK FIXED DELAY IN EOD PROCEDURE
  • As a result of the test, BW HANA and BW EXADATA were chosen as optimal performance configurations with the best scalability and headroom performance
  • These configurations showed the best performance results when various reports and the EOD procedure were run

[Charts: Average reporting time, % (Average client processing time, Average transaction costs time, Average application server time, Average database server time); EOD execution time, % (OOS and ABC rating calculation, Reserve availability calculation, End of Month StProv procedure calculation, End of Month Bonuses Allocation calculation)]

PERFORMANCE TESTING: CASE STUDY 2. PROJECT RESULT. PART 2
THE LARGEST RETAIL NETWORK FIXED DELAY IN EOD PROCEDURE
  • The main performance constraint of BWP and BWP FS configurations is database server performance
  • CPU performance is the bottleneck of database servers
  • Application server performance, as well as hardware resources utilization, does not depend on the database configuration

[Charts: AVERAGE APPLICATION SERVERS CPU LOAD and AVERAGE DATABASE SERVERS CPU LOAD, each against Test duration, min]

AUTOMATED TESTING

AUTOMATED TESTING: PROJECT GOALS
  • CUT TESTING ITERATION COST
  • REDUCE TESTING TIME
  • IMPROVE BASE SYSTEM QUALITY AND MINIMIZE HUMAN FACTORS IMPACT
  • GET TEST REPORT QUICKLY AND AUTOMATICALLY
  • ABILITY TO TEST DURING OFF-HOURS
  • INCREASE THE TRANSPARENCY AND ACCURACY OF SCHEDULING

AUTOMATED TESTING: TOOLS

COMMERCIAL: [tool logos]

OUR FREE AUTOMATION TOOLS BASED ON:
  • DATABASE
  • WEB PORTAL
  • JENKINS
  • JAVA LIBRARIES
  • TEST SCENARIO (JAVA, SELENIUM)

AUTOMATED TESTING: PROJECT SCOPE

Phases: ANALYSIS PHASE, EXECUTION PHASE, SUPPORT*, TRANSFER
* Autotest support is an additional option
  • ANALYZE BUSINESS PROCESSES
  • SELECT THE TOOL FOR AUTOMATED TESTING
  • SUPPORT AND IMPROVE AUTOMATED TESTING SYSTEM
  • INTEGRATE THE SOLUTION INTO THE DEVELOPMENT ENVIRONMENT
  • UPDATE AUTOMATED TESTS AND FRAMEWORK BY CUSTOMER'S REQUEST
  • PLAN EDUCATION OF CUSTOMER SPECIALISTS
  • DEVELOP THE INSTRUCTIONS AND SUPPORT DOCUMENTATION
  • DEMONSTRATION AND TRANSFER SOLUTION TO CUSTOMER
  • SET UP WORKPLACES AND INFRASTRUCTURE
  • DEVELOP AUTOMATED TESTING METHODOLOGY
  • DEVELOP DESIGN ARCHITECTURE SCHEME
  • DEVELOP FRAMEWORK
  • DEVELOP AUTOMATED TESTS
  • EXECUTE AUTOMATED TESTS AND SEND REPORT

AUTOMATION TESTING: CASE STUDY 1
BANK DECREASED ACCEPTANCE TESTING TIME 20X

CUSTOMER PROFILE
  • Bank with offices in 2000 cities
  • 30.7 million clients
  • ~9500 offices, 1500 ATMs
  • ~96 000 sales points in retail partners

SYSTEM TECHNICAL PROFILE
Credit system has four interfaces: Web, .Net, SharePoint, VB6

PROJECT GOALS
Reduce the acceptance testing time of new system releases and updates by implementing automated testing for critical business processes.

PROJECT RESULTS
  • ACCEPTANCE TESTING TIME REDUCED TO 2 HOURS
  • TEST DEVELOPMENT TIMES REDUCED AS FRAMEWORK WAS DEVELOPED
  • CREATED 341 AUTOTESTS
  • CONFIGURATION OF AUTOMATED TEST SYSTEM TAKES LESS THAN 1 MINUTE
  • TEST COMPLETE WAS INTEGRATED WITH SOAP UI FOR WORKING WITH OSB
  • CRITICAL BUSINESS PROCESSES TEST COVERAGE 77%

Callouts: REDUCED 20X; EFFORTS REDUCED 3X; 60 SEC

AUTOMATION TESTING: CASE STUDY 2
SOFTWARE DEVELOPMENT COMPANY SAVED 50% SUPPORT SERVICE TIME FOR REALTIME MONITORING

CUSTOMER PROFILE
Large software development company

PROJECT GOALS
Develop a solution that provides realtime information about the system functioning and its services' health

PROJECT RESULTS

DELIVERED RESULTS: MONITORING SYSTEM

SOLUTION FUNCTIONALITY
  • Monitors services availability and operability
  • Checks information validity
  • Provides status report on a schedule or on demand
  • Shows latest status of online services and statistics

QUICK RESULT STATISTICS
  • 3360 AUTOMATED TESTS FOR 40 SERVICES IN 6 MONTHS
  • AVAILABLE 24/7 VIA INTERNET
  • MONITORING SYSTEM SENDS EMAIL WITH TEST RESULTS
  • UPLOADS TEST RESULT STATISTICS INTO EXCEL BY USER'S REQUEST

USABILITY TESTING

USABILITY TESTING: OUR SERVICES

TYPE OF SERVICES
  • USABILITY TESTING
  • USABILITY AUDIT

TOOLS: [tool logos]

USABILITY TESTING: PROJECT GOALS
  • MAKING RECOMMENDATIONS OF HOW TO IMPROVE SYSTEM INTERFACE USABILITY
  • INCREASE REVENUES BY HIGHER WEBSITE CONVERSION RATE
  • INCREASE REVENUES BY INCREASING CUSTOMER/GUEST CONVERSION RATE
  • REDUCE OPERATIONAL COSTS FOR CLIENT CALL CENTERS AND OFFLINE OFFICES

USABILITY TESTING: PROJECT SCOPE

Phases: ANALYSIS PHASE, EXECUTION PHASE, REPORT
  • ANALYZE BUSINESS PROCESSES
  • DEVELOP RECOMMENDATIONS TO MEET USABILITY REQUIREMENTS
  • SELECT TESTING METHOD
  • REDESIGN SCREENS TO FIX USABILITY PROBLEMS
  • IDENTIFY TARGET AUDIENCE IN ACCORDANCE WITH THE SPECIFIC CLIENT'S CRITERIA
  • PREPARE FINAL REPORT
  • RECRUIT TARGET AUDIENCE
  • DEVELOP TEST SCENARIO
  • PERFORM USER TESTS
  • DEFINE PASS CRITERIA FOR THE TASKS
  • ANALYZE EACH USABILITY ISSUE AND ITS SEVERITY

USABILITY TESTING: PROJECT RESULT

Test report contents (EFFECTIVENESS, EFFICIENCY, SATISFACTION)
  • Users' EFFECTIVENESS in performing tasks
  • User ERRORS with their SEVERITIES and REASONS
  • Users' EFFICIENCY (speed) in performing tasks
  • USABILITY RECOMMENDATIONS
  • Level of users' SATISFACTION
  • Selected SCREENS PROTOTYPES

USABILITY AUDIT: PROJECT SCOPE

Phases: ANALYSIS PHASE, EXECUTION PHASE, REPORT
  • ANALYZE BUSINESS PROCESSES
  • DEVELOP RECOMMENDATIONS TO MEET USABILITY REQUIREMENTS
  • REDESIGN SCREENS TO FIX USABILITY PROBLEMS
  • CREATE FINAL REPORT
  • ANALYZE SYSTEM INTERFACE CONFORMANCE TO INTERNATIONAL USABILITY STANDARDS (ISO, GOOGLE GUIDELINES, ETC.)
  • ANALYZE FOUND USABILITY ISSUES

USABILITY AUDIT: PROJECT RESULT

Test report contents
  • INTERFACE PROBLEMS with their SEVERITIES
  • USABILITY RECOMMENDATIONS
  • Selected SCREENS PROTOTYPES

[Screenshots: BEFORE USABILITY EXPERTISE, AFTER USABILITY EXPERTISE]

Interface, patterns, interface outlook doesn't match Google mobile apps guidelines:
  • Photo: too small, user can't form a true notion of a place by this photo.
  • Icons: some can be clicked on, some not.
  • Text: contains grammar errors.

USABILITY TESTING: CASE STUDY 1
SOCIAL NETWORK INCREASED SITE CONVERSION IN 3 TIMES

CUSTOMER PROFILE
Social network. Media sector. The system allows users to create goals and track achievements.

CUSTOMER PROBLEM
Visitors leave the site main page without registration.

PROJECT GOALS
  • Encourage new visitors to join the network by redesign of main page
  • Develop recommendations to improve main page usability

USABILITY TESTING: CASE STUDY 1. PROJECT RESULT
SMARTPROGRESS INCREASED SITE CONVERSION 3X

[Screenshots: BEFORE USABILITY EXPERTISE, AFTER USABILITY EXPERTISE]

How we did it?

USER TASK WAS: Open the main page and understand service idea.

USABILITY TESTING SHOWS SEVERAL PROBLEMS AT THE MAIN PAGE:
  1. Users like the background image, but they think that the site is scientific;
  2. Users tried to register but were not successful: the registration was on the second page but users don't know about it; bright background draws users away from the join button

Usability recommendations were implemented and the main site page was redesigned. Site conversion was increased in 3 times, visit depth was increased by 30-40%.

QA CONSULTING

QA CONSULTING: OUR SERVICES

PROCESS IMPROVEMENT
  • TEST PROCESS IMPROVEMENT
  • TEST CENTER OF EXCELLENCE ORGANIZATION
  • RELEASE MANAGEMENT PROCESS OPTIMIZATION
  • REQUIREMENTS MANAGEMENT PROCESS ORGANIZATION

TECHNOLOGY IMPROVEMENT
  • CONTINUOUS INTEGRATION SYSTEM IMPLEMENTATION
  • STATIC CODE ANALYSIS SYSTEM IMPLEMENTATION
  • TEST MANAGEMENT SYSTEM IMPLEMENTATION

TOOLS: [tool logos]

QA CONSULTING: PROJECT GOALS
  • MINIMIZE PRODUCTION AND SUPPORT COSTS
  • IMPROVE SOFTWARE QUALITY
  • MINIMIZE TIME TO MARKET INDICATOR FOR NEW FUNCTIONALITY
  • STANDARDIZE SOFTWARE TESTING PROCESS

QA CONSULTING: PROJECT RESULT

PROCESS IMPROVEMENT
Areas: Test Process Improvement, Requirements management process, TCoE organization, Release management process optimization
  • Maximize ROI from software testing through consolidation and standardization
  • Ensure compliance of designed system with customer expectations
  • Find and fix potential issues at the stage of design and requirements analysis
  • Assessment of resources, schedule and cost at earlier stages of the project
  • Increase interaction efficiency of different customer units in software release process
  • Transparent planning of testing budget
  • Best QA practices
  • Minimal participation of business units in non-core processes
  • Accurate forecasting of dates when new products come to the market

QA CONSULTING: PROJECT RESULT

TECHNOLOGY IMPROVEMENT
Areas: Continuous Integration system implementation, Static code analysis system implementation, Test Management system implementation
  • Established process of continuous system integration
  • Finalized and documented system delivered to customer
  • Create quality gates for each system release
  • Reduce defect detection time
  • Reduce defect numbers during integration
  • Improve transparency and manageability of the testing process
  • Cut the cost and time for testing due to reusability of testing artifacts and reducing duplicative or unnecessary work

[Diagram: Team, Version control, Continuous Integration, Quality gates, Approval, Production]

SECURITY TESTING

SECURITY TESTING: OUR SERVICES

TYPE OF SERVICES
  • PENETRATION TESTING
  • SECURITY AUDIT

  • INTERNAL PENETRATION TEST
  • EXTERNAL PENETRATION TEST
  • NETWORK SECURITY ANALYSIS
  • INFORMATION SECURITY RISK ANALYSIS

TOOLS: [tool logos]

EXTERNAL PENETRATION TEST

PROJECT GOALS
Get unauthorized access to the IT system using technical vulnerabilities and social engineering techniques

PROJECT RESULTS
  • Report about information systems vulnerabilities
  • Recommendations to improve security level of information systems
  • Compliance with current security policy

PROJECT SCOPE

1. ANALYSIS PHASE
  • Collect information on Customer using search engines, registration services (DNS, Whois, etc.) and other public information sources
  • Collect information on publicly available network resources (network services, operating systems and applications)
  • Identify critical data storage or processing areas that are accessible externally
  • Collect information on the customer's employees

2. EXECUTION PHASE
  • Search common and specific exploits in web applications (OWASP TOP10, etc.)
  • Determine the external vulnerability of the network perimeter
  • Develop penetration attack vectors and methods
  • Try to hack using collected information

3. REPORT
  • Create report and develop recommendations

INTERNAL PENETRATION TEST

PROJECT GOALS
Get unauthorized access to the IT system using the technical vulnerabilities and social engineering techniques.

PROJECT RESULTS
  • Report about information systems vulnerabilities
  • Recommendations to improve security levels of information systems

PROJECT SCOPE

1. ANALYSIS PHASE
  • Collect information on available resources from the users' segment of the local network (network services, operating systems and applications)
  • Identify critical data storage or processing areas
  • Identify vulnerable resources that could lead to the feasibility of unauthorized actions on them
  • Identify resources' vulnerabilities that lead to unauthorized actions on them
  • Develop vectors and methods of penetration that can obtain unauthorized access to critical data

2. EXECUTION PHASE
  • Attack using collected information
  • Try to get accounts and passwords using interception of network traffic
  • Try to get unauthorized access to servers, databases, users' computers using incorrect settings or vulnerabilities

3. REPORT
  • Create report and develop recommendations

INFORMATION SECURITY RISK ANALYSIS

PROJECT GOALS
Create long-term security policy for organization based on current information security threats and risks, company assets in terms of their importance.

PROJECT RESULTS
Risk mitigation plan that allows to manage all potential security risks

PROJECT SCOPE

1. ANALYSIS PHASE
  • Inventory information assets and estimate their cost
  • Choose risk assessment methodology for particular organization

2. EXECUTION PHASE
  • Identify vulnerabilities and potential threats
  • Develop a risk registry
  • Assess information security risk (qualitative and quantitative estimation)
  • Analyze information security measures

3. REPORT
  • Develop risk assessment report
  • Develop risk mitigation plan

NETWORK SECURITY ANALYSIS

PROJECT GOALS
  • Reduce financial and reputation risks related to low level of network security
  • Assess information security network infrastructure level
  • Develop recommendations to improve level of network infrastructure security using best practice

PROJECT RESULTS
  • Detailed report based on analysis of network security
  • Recommendations for network infrastructure optimization in terms of information security
  • Options of technical solutions for network upgrades
  • Technical specification for network modernization

PROJECT SCOPE

1. ANALYSIS PHASE
  • Inventory IT infrastructure
  • Create network diagram (physical and logical)
  • Define relationship of logical and physical network levels

2. EXECUTION PHASE
  • Analyze network security
  • Analyze wireless infrastructure security

3. REPORT
  • Create security analysis report and develop recommendations
  • Create technical solutions and specifications

SECURITY TESTING: EXTERNAL PENETRATION TEST. CASE STUDY 1
MAJOR INSURANCE COMPANY HAS PREVENTED THE POSSIBLE LEAKAGE OF PERSONAL DATA OF CUSTOMERS

CUSTOMER PROFILE
Large insurance company ranked TOP 20 in 150+ mln. population country

SYSTEM TECHNICAL PROFILE
web

PROJECT GOALS
Evaluate the possibility of unauthorized access to data through a personal account of a web portal

RESULTS
  • Identified 120+ potential vulnerabilities including 9 of those highly critical
  • A phishing attack was successfully implemented that resulted in obtaining the login and password
  • Privileged access to the database with personal data of users' personal accounts, including name, address and mobile phone number, was gained

SECURITY TESTING: EXTERNAL PENETRATION TEST. CASE STUDY 2
AN INDEPENDENT EVALUATION OF THE SECURITY LEVEL OF THE SYSTEM BEFORE RUNNING INTO PRODUCTION

CUSTOMER PROFILE
IT Department of a governmental agency with the overall budget for software support $1bln in 2014 is about to run a new system for interaction between citizens and authorities.

SYSTEM TECHNICAL PROFILE
Web

PROJECT GOALS
  • Identify the vulnerabilities of information system before its running in production
  • Evaluate the possibility of data substitution by internal users

RESULTS
  • Identified vulnerability which allows the use of arbitrary replacement of the content of the page
  • Identified an opportunity for an unimpeded guess of passwords to log in
  • A number of XSS vulnerabilities allow transmitting the data entered by the user to a third-party server
  • CSRF vulnerability allowed performing actions on behalf of the attacked user

THANK YOU!

Headquarters
4633 Old Ironsides Drive, Santa Clara, California, 95054, USA
Phone: +18559807587
www.performance-lab.com
info@performance-lab.com

Offshore testing center
511, 6-5 Barclaya str., Moscow, Russia, 121087
Phone: +74959896165
www.performance-lab.ru
info@pflb.ru

Max Kutuzov
Managing partner
Cell: +79099041111
info@performance-lab.com

Performance Lab US
