• Consulting

ORGANIZATION SECURITY

Emaze S.p.A. can help clients define and coordinate technical measures and procedures mandated by Italian legislation (Privacy Act), international (Sarbanes Oxley Act) and best practices (ISO 27001, exBS7799); Risk analysis and Assessment of the security status of networking systems and complex infrastructures

 
 
TRAINING

Emaze S.p.A., operating for several years in the training area of Cyber Security both at Management and Operational level.
Currently Emaze dispenses four types of courses:

  • ROI of Hacking for CxO e Middle-Level Managers
  • Embedded Software Security
  • Security of SCADA systems
  • Secure development

The training courses can be provided from the Emaze HQ office or at Customer facilities and could provide both theoretical and practical sessions, and are taught by highly qualified staff both in Cyber Security and Software Development.

PENETRATION TEST

With over 15 years of experience, more than 70 active Customers, in the Penetration Testing area, Emaze S.p.A. is a leading partner in Italy for this type of services.

A Penetration Test is a consultancy activity which simulates an hacking attack on one of our Customers systems.

A Penetration Test activity allows Customer to obtain a snapshot of the security level of the analyzed system, the impact of the vulnerabilities on the business, and a guide on how to make a remediation to the identified vulnerabilities.
The Penetration Testing activities can be provided in Black Box, Grey Box and White Box mode under the undertaken agreements with Customer.
Emaze S.p.A,offers Penetration Testing activities on different areas of actions such as:

  • Penetration Testing of Network and Infrastructure
  • Penetration Testing of Wireless Networks or WiFi
  • Web Application Penetration Test (WAPT)
  • Penetration Test of Embedded Systems & Internet of Things (IoT)
  • Penetration Testing of Mobile Applications

The Penetration Test services provided by Emaze S.p.A., are carried out by a team of skilled staff. Emaze S.p.A. uses only employees and does not use external staff for the execution of these activities.

 
 
APPLICATION SECURITY

The Secure Code Analysis is an in-depth analysis of the application source code with the purpose of identifying security vulnerabilities through the analysis of the application source code.

The Code Review Activities allows to highlight critical issues within the following areas:

  • Authentication
  • Authorization
  • Session Management
  • Input Validation
  • Errors Management
  • Auditing and Logging
  • Encryption
  • Competition issues - Race Condition
  • Use of vulnerable components / libraries
  • Security Misconfiguration

This activity is used to find not only the security vulnerabilities in the source code, but also to find any hidden backdoors or business logic errors, which in an activity Penetration Test in Black Box mode, would be difficult to find.
The Secure Code Analysis activities are delivered by highly qualified personnel with Cyber Security and Software Development competencies.

PCI DSS

Emaze is an Italian Certified Company as PCI ASV (Approved Scanning Vendor).

Emaze can deliver the following activities in accordance with PCI DSS (Payment Card Industry - Data Security Standard):

  • Quarterly PCI ASV scans - 11.2 Requirement
  • Penetration Test - 11.3 Requirement
  • PCI Gap Analysis
  • Support to the PCI SAQ compilation

For further information about the PCI compliance send an email [email protected].