My Blog

Penetration Testing

With the growth of electronic business transactions, organizations of all sizes must protect sensitive data and maintain regulatory compliance in their IT environment. Failure to protect critical online assets can result in financial losses and damage to your reputation.

Benefits
Our penetration testing services are designed to identify systems vulnerabilities, validate existing controls and provide a roadmap for remediation. Our solution helps:
• Simplify the process of identifying and prioritizing weaknesses
• Reduce risks and downtime by providing specific guidance and recommendations designed to reduce exposures
• Improve return on investment by helping you strengthen protection of your critical IT assets
• Draw on the combined expertise of highly skilled security consultants, as well as industry-leading security assessment tools.
How it works
We offer an end-to-end penetration testing package that begins with exercises that are designed to be safe and controlled, to simulate covert and hostile attacks. Then, we provide specific guidance and recommendations for reducing risk and increasing compliance management. Listed below are examples of key features we can provide.
e-Sealed combines penetration testing with a vulnerability assessment to identify and validate threats or weaknesses that could compromise your IT security. Our IT security experts use “best-in-class” scanning tools to perform vulnerability assessments that identify the highest potential risk to your environment. We then conduct penetration testing (ethical hacking) to manually simulate real-world network attacks, mimicking the tactics employed by malicious outsiders. The result is an IT security report of findings and a detailed risk analysis with actionable recommendations to help you better protect your IT security including network infrastructure, critical systems, and confidential data.
Penetration Testing: External Networks:
Penetration testing for Internet-accessible devices and services such as web servers, firewalls, routers, DNS, remote access, etc. Our external network security risk assessment utilizes a risk-based approach to manually identify critical infrastructure security vulnerabilities that exist on all Internet-accessible services within scope.
Penetration Testing: Internal Networks:
Penetration testing for internal servers, firewalls, routers and switches, email and DNS services. Our internal network security risk assessment utilizes a risk-based approach to manually identify critical infrastructure security vulnerabilities that exist on targeted, internal systems within scope.
More on Penetration Testing:
The term “penetration testing” is often used interchangeably with “network security assessment”. In most cases though, the purpose of a penetration test is to focus on a very specific set of computer systems or networks. Penetration testing is also known as a “pen test”. An external pen test targets an organization’s external IP address space, such as publicly-facing web servers, DNS servers, e-mail servers, and firewalls. The objective of a pen test is to determine if an external hacker can infiltrate the network and then go on to gain further unauthorized access to internal systems or confidential data.


SAMA

The SAMA Cyber Security Framework, published in 2017, was established to standardize information security processes and procedures in the Saudi Arabian financial sector. The adoption and implementation of the Framework is a vital step for ensuring that the Saudi Arabian banking, insurance and financing sector can manage and withstand cyber security threats. The Framework articulates appropriate controls and provides guidance on how to assess maturity level. Adoption of the Framework will ensure that cyber security risks are managed throughout the financial sector.


WannaCry Ransomware

A virulent new strain of ransomware known as WannaCry (Ransom.Wannacry) has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers, which were patched by Microsoft in March 2017 (MS17-010).

The exploit, known as “Eternal Blue,” was released online in April in the latest of a series of leaks by a group known as the Shadow Brokers, which claimed to have stolen the data from the Equation cyber espionage group.

What is ransomware?

Ransomware is a kind of cyber-attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid. WannaCry searches for and encrypts 176 different file types and appends .WCRY to the end of the file name. It asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, it claims the encrypted files will be deleted.

Who is the victim?

Any unpatched Windows computer is potentially susceptible to WannaCry. Organizations are particularly at risk because of its ability to spread across networks, and a number of organizations globally have been affected, the majority of which are in Europe. However, individuals can also be affected.

Although the Middle East has been the least affected region so far, researchers have warned that a new version of WannaCry will be more destructive.

How can I be protected?

The best protection against ransomware attacks is to have all files backed up in a completely separate system. This means that if you suffer an attack you won’t lose any information to the hackers.

It is difficult to prevent determined hackers from launching a ransomware attack, but exercising caution can help. Cyber attackers need to download the malicious software onto a computer or other connected device. The most common ways of installing the virus are through compromised emails and websites.

How can e-Sealed help?

e-Sealed is determined to provide security services to all kinds of organizations as well as individuals. For a nominal fee of SAR 100, e-Sealed will scan your PC or laptop for weaknesses that WannaCry could exploit. In addition, other vulnerabilities will also be identified and reported. We will also fix the vulnerabilities so that you stay protected and secure. This service is available to all residents of the GCC.

For any queries and Support:

Contact:(M) +966552405739

Whatsapp:+966552405739

Email: trainings@e-sealed.com


Responsive design and modern websites

The use of mobile devices to surf the web is growing rapidly, but unfortunately much of the web isn’t optimized for those mobile devices. Mobile devices are often constrained by display size and require a different approach to how content is laid out on screen.
There are many different screen sizes across phones, “phablets”, tablets, desktops, game consoles, TVs, even wearables. Screen sizes will always be changing, so it’s important that your site can adapt to any screen size, today or in the future.

Responsive web design, originally defined by Ethan Marcotte, responds to the needs of the users and the devices they’re using. The layout changes based on the size and capabilities of the device. For example, on a phone, users would see content shown in a single column view; a tablet might show the same content in two columns.

Almost every new client these days wants a mobile version of their website, and most of the time responsive design comes to the rescue. It not only enhances and customizes the end user’s experience based on their device, but also decreases development time because there is no need to create a different website or app for every platform.
Here at e-Sealed we build responsive websites so that our clients can succeed in the mobile age and significantly decrease the cost of reaching their customers on most platforms.


More than 60% of Saudi Arabia Drupal websites are Vulnerable

We have discovered – at e-Sealed – that most Drupal websites in KSA are vulnerable to a very serious SQL injection attack.

More than 60% of the Drupal websites in KSA have critical security issues.

The bug was introduced in early 2011 and stayed well hidden in the core framework. It was discovered on 15th of October 2014.
e-Sealed has discovered that most (approx. 62%) of the Drupal-based websites in Saudi Arabia are still vulnerable to this highly critical security issue.
The vulnerability, which affects all Drupal 7.x versions prior to 7.32, became public on October 15, 2014, and leaves millions of websites open to hackers. The bug can be exploited remotely by non-authenticated users, and shortly after the disclosure, attackers began exploiting it using “automated attacks”. The impact could be quite severe: in a worst-case scenario it could lead to a complete authentication bypass, or full control of and access to database contents over the Internet. According to Drupal’s own statistics, almost a million websites currently use Drupal 7.
As the initial Drupal security advisory explains, “Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.”
A followup advisory notes that automated attacks began compromising Drupal 7 websites within hours of the announcement of the flaw, and warned that simply updating to Drupal 7.32 will not remove backdoors. “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is seven hours after the announcement,” the advisory states. “If you have not updated or applied this patch, do so immediately.”
“If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised — some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.” The speed with which this flaw was exploited is alarming.
In many cases, it simply wouldn’t have been possible for system administrators to update their systems in time to block any attacks. The best defense in this arms race is to protect your properties in several ways that complement each other. While patching is important, there are other methods to defend against such attacks, for example hardening your website against SQL injection and brute force attacks, and deploying a web application firewall that can detect malicious requests and stop them before they reach your internal applications.
e-Sealed has discovered that most of the Drupal-based websites in the Kingdom, including some government websites from different sectors, are still running vulnerable versions of Drupal (7.0 to 7.31). This can result in large-scale compromises of information availability, integrity and confidentiality. You can contact e-Sealed to test and restore your vulnerable site; e-Sealed can help you identify and mitigate your security risks by providing professional vulnerability analysis, penetration testing and website hardening services.
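
The triage rule stated in the advisories quoted above (fixed before Oct 15th, 11pm UTC, and fixed by you), written out as an added example that is not code from Drupal or e-Sealed. The inventory fields `fixed_at` and `fixed_by_us` and the sample hosts are assumptions made for illustration; the rule also assumes every listed site was already online when the flaw was announced.

```python
from datetime import datetime, timezone

# Cutoff from the follow-up advisory quoted above: Oct 15 (2014), 11pm UTC.
CUTOFF = datetime(2014, 10, 15, 23, 0, tzinfo=timezone.utc)
FIXED_MINOR = 32  # 7.32 is the first fixed 7.x release, per the post


def parse_version(version):
    """Return (major, minor) for strings like '7.31', or None if unparseable."""
    parts = version.strip().split(".")
    try:
        return int(parts[0]), int(parts[1])
    except (IndexError, ValueError):
        return None


def triage(site):
    """Classify one record. Field names are a hypothetical inventory schema."""
    parsed = parse_version(site["version"])
    if parsed is None:
        return "unknown-version"
    major, minor = parsed
    if major != 7:
        return "out-of-scope"
    fixed_at = site.get("fixed_at")  # time of the upgrade or patch, if any
    if minor < FIXED_MINOR and fixed_at is None:
        return "vulnerable-assume-compromised"
    if not site.get("fixed_by_us", False):
        # Advisory: a fix you did not apply can itself be a compromise symptom.
        return "fixed-by-unknown-party"
    if fixed_at is None or fixed_at >= CUTOFF:
        return "fixed-late-assume-compromised"
    return "fixed-in-time"


def utc(day, hour):
    """Build a UTC timestamp in October 2014 for the sample data."""
    return datetime(2014, 10, day, hour, 0, tzinfo=timezone.utc)


# Constructed sample inventory (example.test hosts are placeholders).
SITES = [
    {"host": "a.example.test", "version": "7.31"},
    {"host": "b.example.test", "version": "7.32", "fixed_at": utc(15, 18), "fixed_by_us": True},
    {"host": "c.example.test", "version": "7.32", "fixed_at": utc(17, 9), "fixed_by_us": True},
    {"host": "d.example.test", "version": "7.32", "fixed_at": utc(15, 20), "fixed_by_us": False},
    {"host": "e.example.test", "version": "7.31", "fixed_at": utc(15, 17), "fixed_by_us": True},
    {"host": "f.example.test", "version": "8.0"},
]

RESULTS = {s["host"]: triage(s) for s in SITES}
```

Every result other than `fixed-in-time` and `out-of-scope` calls for incident-response review rather than only an upgrade, since the advisory warns that updating to 7.32 does not remove backdoors.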


Data Center Services

As technology has become increasingly prevalent and fast-evolving in the enterprise, from differentiating an enterprise’s products to optimizing the enterprise itself and integrating with suppliers and partners alike, the data center has become increasingly important, as well as costly and challenging to modernize and maintain given the rapid pace of change.
Key Capabilities
Modernization Services
Organizations globally are struggling to modernize their operations and control expenditures while simultaneously trying to maintain their competitive advantage. Data center modernization and consolidation projects offer the opportunity to achieve all of these goals. e-Sealed partners with enterprises to customize modernization strategies in alignment with business objectives, skill availability, compliance requirements and technology enablers.
Managed Services
e-Sealed provides enterprises a comprehensive portfolio of managed services for data center, end user and network/security environments. Managed services range from a complete outsourcing of an IT organization to the management of a particular point service.
Education
With today’s ever changing IT landscape, and environments becoming more complex, businesses have a constant need to train and certify their IT staff on the latest data center technologies. Many leading organizations turn to e-Sealed for their hardware maintenance and systems administration training as well as storage and security related training.


DRIVING LICENCE IN SAUDI ARABIA

Owning a driving licence, whether in your own country or abroad, is something like a pat on the back. Given the development and adoption of technology we have observed in Saudi Arabia, it is imperative that every one of us walk hand in hand, keeping in mind the basic necessities of day-to-day life.
To meet the challenging demands of employers, in both the private sector and government, one should be punctual and aware of the various hindrances encountered while travelling from home to the employer’s premises, such as distance, traffic, short routes, roads and, of course, transportation.
Having said that, let’s focus on transportation. Owning a vehicle is definitely a bonus in achieving the first step of success, i.e. being on time. Owning a vehicle is not very difficult in today’s world, but what is important is having a valid and legal driving licence. To some, getting a driving licence is a piece of cake, not to mention the other ways to grab a driving licence other than the legal and procedural way.
In our personal experience, going to a driving institute and following the various procedures to obtain a driving licence is time consuming. You don’t know how long you will have to wait if you don’t pass the initial tests, which include the driving and computer tests. It is even more unpleasant if you are paid on an hourly basis. So time is of the essence, and to minimise the time spent we should make ourselves aware of the latest techniques available in the market, which will eventually help us obtain a driving licence in much less time and with less overhead.
So, ladies and gentlemen, it’s time to introduce one of the most useful mobile applications in the Kingdom of Saudi Arabia, which will not only help us pass the driving tests easily but will also make our journey of acquiring a licence pleasant.

DESCRIPTION

This app is for people planning to take the computer exam for a driving license in KSA (DALLAH). Using this application, you will quickly become familiar with traffic signs. You can access all the features of this app without connecting to the internet: at the office, while traveling, in the classroom and anywhere you like.
This app has the full list of KSA traffic signs. These signs play a vital role in directing, informing and controlling road users’ behavior in an effort to make the roads as safe as possible for everyone.
This makes knowledge of traffic signs essential, not just for new drivers or riders needing to pass their computer test, but for all road users, including experienced professional drivers. This app is available in 3 languages:
• English
• Arabic
• Urdu
Application Features:
• Road Signs: List of different types of road signs, categorized properly.
• Points Table: Lists all the traffic violation points, up to date.
• Computer Questions: Lists some of the common computer questions as available at the Dallah schools of KSA.
Any suggestions and comments would be highly appreciated and will be taken into consideration.