Projects

In cooperation with Iquip (now known as Sogeti), Madison Gurkha has performed an extensive technical security audit (ETSA) on a very large e-business setup with large amounts of very sensitive information. Sogeti has audited the support and procedural organization and Madison Gurkha the technical IT security aspects. Because of the sensitive information and the high visibility of the project, the work of Madison Gurkha has also been audited. With a very good outcome, ofcourse.

This organization wanted to setup a new e-commerce site for its employees, customers and partners. This site was quite complex with around 15 windows 2000 based systems. Our task consisted of developing guidelines based on SANS to improve IT security. Also a lot of problem solving and trouble shooting was done by Madison Gurkha, because hardening the systems in a late stage of the project was quite a challenging task. Besides this we cooperated with the definition and setup of the operational organisation.

This organization wanted to provide functionality on its intranet to its customers, partners and suppliers. The programs were originally developed for internal use only and the code was very insecure. Madison Gurkha developed guidelines for secure programming and audited a few applications, also for educational purposes. Based on the new guidelines and a secure programming awareness session, the organization can write better new code and review existing programs on IT security aspects and improve these programs.

For this provider Madison Gurkha performed an Extensive Technical Security Audit (ETSA). Reasons for this extensive audit were suspicions of break-ins and abuse of resources. We encountered indeed some very serious IT security flaws. Ofcourse these flaws are now mitigated.

For this financial organization Madison Gurkha has performed a so called black-box security audit (also known as penetration test or ethical hack). The target was a new e-commerce environment where customers can get online quotes. Madison Gurkha was able to take over the system as administrator / root. You can read more about this project in an article that has been published in the "Automatisering Gids" (dutch).