Central InfoSec: Tailored Security Services for Networks and Web Applications
Throughout the past decade, the Founder and Principal Consultant at Central InfoSec, James Morris, has observed that many companies do not perform penetration testing specifically targeted at their web applications. After analyzing the expectations of leadership panels from Fortune 100 companies with regard to reporting and delivering quality results, he decided to build an offensive security program with an emphasis on application security. Unlike defensive security, offensive security focuses on proactively protecting computer systems, networks, and web applications from attacks, for example by finding vulnerabilities beforehand. Following a unique approach to pen testing, Central InfoSec continuously performs security testing to help organizations make improvements and ensure their networks and web applications are safe. Additionally, by referring to real-life cases, the team continually educates its clients on the impact that breaches at the web application layer have on their businesses and how routine pen tests can avoid them. Leveraging its vast consulting experience and analyzing clients’ needs, the company also offers managed security services, such as managed vulnerability scanning and managed phishing campaigns, to increase user awareness among employees at businesses of all sizes at affordable prices.
The Central InfoSec team is staffed with skilled security professionals bringing years of penetration testing, red teaming, exploitation, and web application experience from top organizations including Fortune 100 companies, the Department of Defense, and U.S. intelligence agencies. Central InfoSec focuses on delivering quality security services, so its security consultants work on one project at a time to ensure undivided attention is given to each engagement. This maximizes the value that the Central InfoSec team is able to provide and results in a higher ROI for organizations. Central InfoSec would rather provide quality than quantity. Its goal isn’t to maximize profit, but to maximize the value that can be provided to each and every one of its clients.
Central InfoSec performs a variety of penetration tests, covering external networks, internal networks, and web applications, while delivering multiple reports targeting audiences ranging from executive leadership to application developers. The technical reports help developers fix underlying issues by providing all the details that they need to address the problem.
Morris believes that the most beneficial types of security assessments include collaboration, and therefore, emphasizes collaborative assessments by considering each client's vulnerability management program, user awareness, and security maturity level. The company quickly informs clients of critical vulnerabilities by creating ad-hoc reports and hosting ad-hoc debriefs as necessary.
Many companies can benefit by routinely changing up their penetration testing vendor and are highly impressed with the results that Central InfoSec delivers. Central InfoSec can quickly uncover critical vulnerabilities that have been missed for years. No automated scanning tool can replace high-quality security professionals. Utilizing Central InfoSec’s custom-built tools and manual analysis, Central InfoSec’s security experts have found numerous vulnerabilities within web applications including multiple 0-days allowing direct access to web servers hosting the applications. Once critical vulnerabilities are discovered, Central InfoSec’s experts work directly with application developers to address security flaws. With many success stories, Central InfoSec is constantly contributing to the community by sharing its knowledge through blogs, open-source projects, tool development, conferences, presentations, and local security meetups.
"Every organization, at a minimum, should receive both network penetration testing and web application penetration testing, and cost should never be the reason that quality testing is not performed," says Morris. Therefore, the company focuses on offering quality and affordable professional security services while increasing security awareness at organizations through managed phishing services. The Central InfoSec team educates clients through security assessments and tailored security training while also helping with permanent resource staffing. "We want to help organizations understand the core foundation to security, help businesses acquire the appropriate staff that they need, and help strengthen security postures through offensive security testing," concludes Morris.