Posts Tagged ‘security’

This video is about Industrial Control System (ICS)/SCADA Availability and Security Solution Overview by E-SPIN

Industrial Control System

For those who can not join us for the session, please see the summary and highlight clip for the event.


E-SPIN recently run a Industrial Control System (ICS)/SCADA Availability and Security Solution what’s new session cover what new for new user and existing users.

For further information, please contact us or visit to our website on http://www.e-spincorp.com

Read Full Post »

Cloud and Virtualization Security

Cloud and Virtualization Security

Like it or not, more and more company IT infrastructure was migrated from physical to “private cloud” or “public cloud” to leverage shared and  highly scalable multi-tenant cloud infrastructure.

Traditional vulnerability management vendor is make their effort to complete their unified solution capable to covered traditional infrastructure, mobile and “cloud and virtualisation infrastructure”.

Are vulnerability assessment of the virtual is the same as the physical? The answer is yes and no. The answer is yes, you still need to audit accordingly to the infrastructure, network, wireless, application, database, server, operating system, web application and so on. The answer is also no, you got to covered additional layer – cloud and virtualisation layer, the potential vulnerability caused by virtualisation platform vendor and their respective technologies.

A good vulnerability assessment tool always capable to let your configured and audit additional layer of mobile as well as cloud/virtualization infrastructure.

From the day one, E-SPIN have pick up the best of the breed vendor to develop our complete product lineup solution that cover unified vulnerability assessment for generic use to special assessment tool for real IT auditor, security professional and compliance officer who need the right tools to deliver their duties.

Whether for the unified vulnerability management, on premises or hosted, E-SPIN is provide truly practical choice of vulnerability management mix accordingly to your budget and operation requirement, backed with our pre-sales solution consultant, implementation and onsite support team.

Please feel free to contact us for advice how to choose the right vulnerability management solution accordingly to your operation requirement. Just write in with the subject line “RFI – Vulnerability Management for Cloud Infrastructure” and attend to our sales(a)e-spincorp.com, our assigned personnel will contact your for your request.

Read Full Post »


Mobile computing devices have become a critical tool in today’s networked world as enterprises and individuals rely on mobile devices to remain reachable. Mobile devices have been, and continue to be, a source of security incidents. Thus, E-SPIN Group Of Companies would like to share on how to Secure Mobile Devices Audit.

First of all, lets have a quick understanding on what is mobile device refers to :

“Mobile device” which also known as a handheld is a small, handheld computing device, typically having a display screen with touch input and/or a miniature keyboard. It has an operating system (OS), and can run various types of application software, known as apps.

Mobile Computing Security Audit is a tool and template to be used as a for the completion of a specific assurance road map process. Mobile devices have been, and continue to be, a source of security incident. Mobile devices such as smartphones, laptops, personal digital assistants (PDAs) and Universal Serial Bus (USB) memory sticks have increased convenience, as well as productivity in the workplace. But these benefits are not without risks where there are issues such as device loss, malware and external breaches.


As the availability of human resources and systems continues to be critical to society and business operations, it stands to reason that mobile device usage will continue to escalate, as the features these devices offer. It is therefore imperative that proper risk management be applied, and security controls implemented, to maximize the benefits while minimizing the risks associated with such devices.

Have you Secure Mobile Device Audit?

If you need further assistance and inquiry, feel free to contact us for more details.

Read Full Post »

In today’s technology world, security for database has grown extremely. Data security has become an essential for every individual who connect and uses the internet daily to transfer their data. It is necessary to have a requirement which each aspect of the operation performed through internet.

Database Security

Database security is the system that controls the access to database at certain level. The privacy of data is at risk from unauthorized users, which is external sources on the network and internal users within the companies itself.

The above is the security risks that IT professionals should aware of to protect their databases:

i) Privilege Abuse:

When database users take the opportunity for excessive privileges that exceed the        requirements of their job, then these privileges can be deliberately or accidentally being abused.

ii) Legitimate Privilege Abuse:

Through this attack, the hacker with the legitimate privilege that access to the database may misuse the information which stored in the database for their purposes.

iii) Operating System vulnerabilities:

In operating system vulnerabilities, the hacker accomplishes the vulnerabilities in the operating system to let unauthorized access to the database for mischievous reasons.

iv) SQL Injection

It shows that SQL queries are capable to prevent from access controls, by passing through standard authentication, authorization checks and also do grant access to host operating system level commands.

v) Lack of Audit Trails

When proof is weak, hackers can easily get access to database by expecting the identity of the users with strategies which is social engineering and brute force.

To find out an approach to clarify the security threats, that can help your organization to meet your database security, compliance and reporting needs, explore the information given below:

Application Security, Inc. (AppSecInc) was founded in year 2001, AppSecInc was recognized as market leading database security, risk, and compliance solutions for the enterprise. AppSecInc empowers the organizations to protect their most critical database assets.

AppDetectivePro as the leading provider of cross platform solutions for the enterprise for auditors and IT advisors, and DbProtect for the enterprise – deliver the industry’s most comprehensive database security solution.

For more information about AppSecInc – AppDetective Pro and how E-SPIN may consult and assist you on the database security requirement, please contact E-SPIN or

please go to http://e-spincorp.com/espinv3/index.php/application-security

Read Full Post »

Sessions Hijacking

Social Media Facebook and Twitter is popular and widely adopted. For this article would like to share on one ID security risk that is so common for people make use of public WiFi to access their private social media account (actually it work for all the web access page submit user ID and password).

Everything I hangout at the Coffee Shops, will noted that most of people will make use of the Public WiFi to access to social media website. Most of people do not have security awareness and aware that share public WiFi is connected with all sort of people.

Below live video demonstrate is base on the scenario on the public WiFi, session hijacking can be do as easy as just auto scan and pick a victim. Please spend few minutes for the full video and get the lesson.

E-SPIN is partner with Immunity to distribute their SILICA wireless penetration testing tool set (come with wireless injector adapter, signal booster, USB boot SILICA wireless to perform wireless security assessment, penetration testing or audit). If you or your company look for secure wireless network or Access Point (AP), or consult on the wireless security assessment, penetration testing or ethical hacking, feel free to contact E-SPIN for assistance.

E-SPIN is specialize in the end to end vulnerability management, security assessment, penetration testing and ethical hacking system and point solutions, and active in serving partners, enterprises, governments and military clients.

Read Full Post »