ONE STOP
CYBERSECURITY PARTNER A cyber attack happens every
39 seconds

Enterprise-level security testing services by OSCP, CREST, and CEH(Master) certified security analysts adhering to international compliance standards such as HIPAA, GDPR, PCI DSS, ISO 27001, FINRA.

225

Applications
Secured

1200

Vulnerabilities
Identified

500

Threats
Neutralized

Services
Modshield SB

Are you at the crossroads of your IT Security Infrastructure?

A comprehensive range of cybersecurity services which helps your organization to align with the security compliances. We help you prepare with our industry leading assessments and security strategies.

Why ModShield SB Web Application Firewall (WAF)?

Modshield SB, the custom-built Web Application Firewall powered by ModSecurity and OWASP CRS, is an easy-to-implement, WAF.

14 Day Free Trial

OUR EXPERIENCE IN
VARIOUS INDUSTRIES

HOW WE BENEFITED VARIOUS INDUSTRIES

BFSI

Identified vulnerable areas and successfully exploited shareholders information – positions, contact information, banking details etc using a SQL injection vulnerability in one of the largest stock markets in India. We were able to avert a crash in the critical system and loss of brand image globally.

HEALTHCARE

Bypassed the authentication, authorization and extracted patient information, contact information, disease and prescriptions, by breaching the network security measures, using SQL injection. Prevented the complete take over of clinical systems and possible corruption of national regulatory information.

RETAIL

Encountered issues that allow malefactors to run executable code of their choice on the machine with ease without assistance from the user. Prevented the exploitation of Personally Identifiable Information and the compromise of the entire system in the largest pizza delivery chain in the country.

EDUCATION

Discovered vulnerabilities that allows an attacker to reside on the same local network as the victim and prevented cookie stealing and redirection to malicious site for one of the edutech giants in India.

TRAVEL & LOGISTICS

Fixed Issue that allows an attacker to reside on the same local network as the victim thereby preventing the enervation of major functionality of the appliance for one of the leading taxi aggregators in Switzerland.

PUBLIC SERVICES

Detected IDOR when the application takes user supplied input and uses it to retrieve an object without performing sufficient authorization checks. Our early interference prevented unauthorized access and modification of sensitive data.

We offer a wide range of services and provide realtime Solutions

AST – Application Security Testing

Testing weaknesses and vulnerabilities in source code, reporting on the security level of a web application across the Software Development Life Cycle (SDLC).

Infrastructure/Network security testing

Penetrate application protocol, network devices, servers, IPs, to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code attacks.

IoT Security Testing

Rigorously evaluate the IoT environment to ensure the efficacy of security controls, this includes: IoT architecture and systems review.

Compliance Validations

Enacted by any regulatory authorities it is best to protect the confidentiality, integrity, and availability of data for your users.

Red team Exercises

We help your organisation understand the vulnerabilities that your systems face by launching a controlled real world hack to test the resilience of your systems.

Performance Testing

Making sure the response time, user transactions, virtual users per unit of time, error rate, throughput of the production environment are in check through a simulation.

Modshield SB Web Application Firewall (WAF) – Powered by ModSecurity and OWASP CRS

Modshield SB is tailor-made to fit your app’s security needs. It is packed with security features that enable a 360-degree protection for your app and hosting infrastructure. Powered by the OWASP Core Ruleset, Modshield SB provides optimal coverage against OWASP’s Top 10 threat vectors, automation protection, and safeguard against credential stuffing attacks.

Unlimited Domains

Active Threat Intelligence

Data Leakage Protection

Custom Rules Support

What Our Clients say

StrongBox IT have been an excellent choice for our application and security testing needs. They have a wonderful team of technical domain experts who are knowledgeable and professional. It has been a real pleasure liaising with them and strongly recommending others. Keep up the good work.

Jacob Vijay
IT President, AVP Medusind

I would highly recommend StrongBox IT for any security / vulnerability checks. StrongBox IT has a highly professional team who can be relied upon for every bit of detail around security issues and their reporting is spot on. Would always be my go to partner for any penetration tests.

Balaji Sharma
Director, Agnostic Systems

The team at StrongBox IT have been our security partner over the last three years and we couldn’t be happier with their service. They have consistently worked through the details with us and helped keep our platform secure. I would have no hesitation in recommending them to any application or service provider. Thanks joseph!

Karthik Reddy
CIO and CTO, Bangthetable

StrongBox IT provided an extensive, very detailed oriented VAPT report as a part of infosec clearance for our process discovery product “Surface AI”. Not only did they exceed our clients expectations but StrongBox IT represented fantastic value for money.

Pagutharivu Muthusamy
CEO and Co-Founder, SurfaceInsight

We had a very good engagement with StrongBox IT for helping one of our European customers . Joseph and his team were professional in executing security testing on the application we built and helped us deliver better.

Allwyn Herbert Raja
Senior Vice President, Object Frontier Software

Frequently Asked Questions (FAQ)

Why do I need security testing?

All IT assets including infrastructure, web and mobile applications are exposed to a myriad of threats and need to be tested to understand their vulnerability to these threats. Infrastructure security testing is normally conducted very frequently by internal teams and at least once annually by an external third party. Web and mobile applications are tested before their release to production and once after every major upgrade buy a qualified third party.

Our clients do not know StrongBox IT. How can the credibility of StrongBox IT’s penetration testing report be ascertained?

The credibility of security validations (vulnerability assessment and penetration testing) lies solely on the standards at which these validations are performed and on the qualifications of the consultants who perform the validation. StrongBox IT follows SAN, NIST, OWASP Top 10 and ISO 27001 guided testing methodologies which are evidenced in our reports making it acceptable against any compliance standards globally. Our testers are OSCP and CREST certified testers. Our reports carry the license numbers of the testers and can be validated online.

How does StrongBox IT’s approach accommodate the latest threats?

StrongBox IT is the OEM vendor for Modshield SB Web application firewall and an implementation partner for Alienvault (AT&T Security) SIEM. Both these products consume active threat intelligence from various threat feeds. These threat feeds also provide us with specific test cases that are consistently added / updated in our test suite

How much does a penetration testing cost?

We would love to let you know this straight off but it depends on the scope at hand. If it is infrastructure only (like servers, firewalls, routers, cloud servers etc), a first level assessment might cost around 150USD per asset and the cost is significantly higher when a full-fledged penetration testing is required. For web and mobile applications, a grey box credentialed penetration testing as per OWASP Top 10 standards, performed by certified consultants can cost upwards of USD 5000. The scope, the complexity and the volume of testing play a critical role in the final prices.

What is StrongBox IT’s experience in security testing?

StrongBox IT has been providing application and infrastructure penetration testing for the last five years. Our clients are leading product owners and SMBs across all businesses and geographies. We have offices in USA and India and service partners in UK, Mainland Europe, Scandinavia, GCC, Southeast Asia, Australia and New Zealand. All our clients and partners can be referenced for establishing our commitment to quality and customer satisfaction.

Do I have to perform penetration testing on my application every time I make a change to it?

Ideally, yes but that would be an overkill. We recommend a penetration testing to be performed every time a major upgrade is done and a minimum of once annually even if there are no changes to the application. We also recommend that as an ongoing process, you implemented an automated scan at frequent intervals.

ONE STOP
CYBERSECURITY PARTNER A cyber attack happens every
39 seconds

OUR EXPERIENCE IN
VARIOUS INDUSTRIES