Vulnerability Management, Security Assessment, Penetration Testing

Whether your organization requires a network vulnerability assessment, network penetration test, wireless network assessment, web application assessment, product assessment, or a customized service offering, E-SPIN will ensure your expectations are not only met, but exceeded.

The following are some of E-SPIN’s relevant service offerings:

Network Vulnerability Assessment  

Our consultants understand the challenges associated with performing assessments against systems and networks that require a high level of availability. E-SPIN has developed specific methodologies for performing vulnerability assessments to deliver valuable and accurate reporting while ensuring system availability and minimal performance impact for critical systems. E-SPIN can also perform vulnerability assessments for your organization to fulfill audit and compliance requirements.

 

 Network Penetration Testing

E-SPIN offers penetration testing as a distinct service, where other companies often use the terms “vulnerability assessment” and “penetration testing” interchangeably.  While a vulnerability assessment does provide value to a client when meeting audit or compliance requirements, it does not necessarily expose the true business impact of a specific vulnerability or chain of vulnerabilities.  Our consultants have spent years conducting penetration testing against some of the nation's most sensitive and well-protected networks; more often than not, achieving full control of the target network and all computer systems on it.  However, our goal is not purely to penetrate systems and networks.  Rather, the goal is a qualitative business impact analysis of the issue.

E-SPIN has developed proprietary methodologies, combined with best-of-breed tools and techniques for infiltration and escalation of privilege on networks. E-SPIN penetration testing is much more than simply running a single known vulnerability scanning tool and reformatting the raw output. The value of this service offering resides in our staff's expert knowledge and use of several customized tools and techniques. At your request, our consultants can also employ social engineering techniques to help our clients obtain a more complete awareness of human vulnerabilities.

 

Red Teaming

It's a well-known fact that the nation's adversaries are making a concerted effort to penetrate our government and commercial networks.  Their goal is to steal both Intellectual Property and our nation's defense and intelligence secrets.  Their efforts are relentless; they have the expertise, time, resources and capabilities - this threat must be taken seriously.

E-SPIN can use a variety of tactics and efforts that can accurately emulate a number of different threat levels - from the unskilled script kiddie seeking glory to the nation-state level.  We live on the bleeding edge of Information Security; immersing ourselves in the underground hacking community to learn hacker tactics and tools.  Our consultants have a great amount of experience conducting Red Team operations against certain Federal government agencies and can easily translate this experience to the private and corporate sector.

 

Periodic Vulnerability Scans

E-SPIN offers affordable periodic vulnerability scans that are designed to identify potential vulnerabilities as they are made public.  The first step is to obtain a baseline of accessible systems and services.  The follow-on scans will then identify discrepancies from the baseline, alerting your organization to these changes.

While this type of service is easy to automate and conduct without human analysis, our consultants will be involved in each step, providing a more thorough test.  You define the time period, designate the network to be scanned, and we will meet your needs.  E-SPIN can also monitor websites or even specific web pages for changes, alerting you to a potential security breach.

 

 Wireless Network Assessment

Implementation of a secure wireless network can be a difficult task with this ever-changing technology. New standards for wireless networking have constantly been developed and introduced since the technology's creation.  Our consultants have specific expertise in wireless networking and can readily demonstrate the security impact of your wireless network, or those networks owned by other organizations in close proximity. 

 An improperly configured wireless network or client can provide an anonymous back door into a corporate network, leading to the compromise of IT infrastructure, confidential information, and trade secrets.  E-SPIN consultants have expertise in performing wireless assessments in both corporate and government verticals, including retail wireless Point of Sales (WPOS) systems, commercial hotspots (network and web application authentication and billing methods), and industrial environments.

 

Web Application Assessment

Our consultants have performed web application assessments against a variety of highly customized environments. Our methodologies are heavily based upon highly skilled manual testing in conjunction with advanced tools used to identify security issues.

Long before the terms “cross-site scripting” and “SQL injection” were coined, E-SPIN consultants were assessing the security of web applications with a heavy emphasis on the banking and finance industry.  Whether you have developed a customized web application or implemented a COTS (Commercial Off-The-Shelf) solution, E-SPIN can provide assessment services to ensure that your data and your clients' data will remain protected.

 

Certification and Accreditation Support

E-SPIN has a significant amount of experience in supporting several different Federal government agencies and corporate clients as they develop their C&A packages.  E-SPIN is experienced in the development of all phases and pieces of the C&A package, including the ISSP (Information System Security Plan), the Vulnerability Assessment, the Risk Assessment, ST&E (Security Testing and Evaluation), POAMs (Plan of Action and Milestones), and of course Penetration Testing.

 

Product Assessment/Analysis

Our staff has performed in-depth and highly technical testing of custom and COTS hardware and software products on behalf of the Government and Corporate clients. This was primarily conducted as part of the Certification and Accreditation process required prior to the deployment of COTS products on highly sensitive government and/or corporate networks.

The goal of a product assessment is to assess the security of the hardware and software, identifying security-significant flaws.  Whether it’s a software or hardware solution that needs to be evaluated, E-SPIN can meet your needs.

 

Audit Preparation/Recovery

E-SPIN engineers have approximately 5 years' experience acting in the role of independent auditor for government agencies and corporate clients, and as such, are uniquely qualified to assist your organization in preparing for an audit.  In many cases we know exactly what the auditor’s tactics and techniques will be, and we can recommend strategies to ensure that your organization is treated fairly, while increasing the security of your information system assets.

 

Network Architecture Review

The foundation of a secure network lies not in whether you have a firewall or Intrusion Detection System, but in the underlying architecture of your network.  Our experience as auditors and consultants travelling the country gives us a significant amount of knowledge in determining a good network from a network that needs improvement.  We are prepared to assist your organization in designing a secure network from the ground up, or reviewing an existing implementation.

 

Security Policy Development and Review

Our staff has performed dozens of security audits which have included the review and critique of existing security policies against government, international and corporate guidelines and legislation.  We can help you determine whether your organization is compliant, and recommend a path to compliance if current policies are not effective.

 

Security Training

While some of our consultants may be experienced instructors, we are ethical hackers and practitioners - plain and simple.  At E-SPIN you will not find career instructors with endless certifications and little real-world experience.  We are a rare breed of InfoSec professionals with a true desire to share information and train your personnel in an ego-free environment.

Our training course offerings range from penetration testing techniques and tool usage to secure software development, vulnerability resolution and consultancy.  We can provide customized training based on your needs.

 

 

Security Awareness Testing

E-SPIN can perform a variety of real-world testing techniques to evaluate the effectiveness of your organization's security awareness training program.  These tests range from sending forged emails with simulated malicious attachments to more complex social engineering attacks.  As with all our service offerings, E-SPIN stands willing to customize our offerings to meet your organization's needs.

 

Custom Solutions

E-SPIN specializes in providing custom solutions to meet our clients' needs.  Feel free to contact us about your organization's requirements. Our experienced in-house secure application developers have delivered various custom web and application programs, vulnerability mitigation modules, and migrations of legacy applications to secure web applications and portals.

Contact us at +603 7728 2866 to request a quote. Please email us to discuss your options for tailored, project-based service requirements.