E-SPIN COMPANY PROFILE · Red Taming Whether your organization requires a network vulnerability assessment, network penetration test, wireless network assessment, web application

Enterprise Solution Professionals on Information and Network

Enterprise IT Solutions (Hardware, Software, Services)

Shared Service and Outsourcing

Technology Products Distribution and Trading

E-SPIN COMPANY PROFILE

E-SPIN has successfully works with organizations throughout Malaysia, and now globally in every industry, in the public

transportation and logistics companies, educational institutions and public sector agencies from federal to state government on various E-SPIN solutions and service portfolio.

who we serve

E-SPIN SDN BHD ALL RIGHT RESERVEDc E-SPIN SDN BHD ALL RIGHT RESERVEDc


who we are

what we do

Vision:

To be leading enterprise solution provider in deliver enabling solution for customer to remain competitiveness intheir respective marketplace.

E-SPIN is a leading enterprise IT solutions and outsourcing service provider with a unique approach to enterprise solution

solutions consulting, network and system integration, web development and application integration, product training, skill

certification, project management, maintenance support, and managed outsourcing services to deliver end-to-end value

adding solutions for corporate, enterprise, government and reseller business customers.

Mission:

To deliver end-to-end value-adding solutions in Solution Buying Facilitation and Consultancy; Network SystemIntegration, International Distribution and Trading; E-Business/Web Development and Application Integration; Managed Services and Outsourcing.

Consulting based on client current situation and requirement.

Solutions development and plan presentment

Project hardware, software and service sourcing and procurement.

Project management and implementation serviive

System requirement analysis and design.

Prototype and mockup development.

Acceptance test, quality assurance, penetration test.

Training, certification and skill transfer.

Project hardware, software and service maintenance support.

Managed outsourcing.Solution Buying Facilitation, Consultancy

Network and System Integration, Distribution

Web Development and Application Integration

Managed Service and Outsourcing

E-SPIN SDN BHD ALL RIGHT RESERVEDc

E-SPIN stand for Enterprise Solutions Professional on Information and Network. E-SPIN is privately held companyestablished in 2005.

E-SPIN operates as the regional hub for E-SPIN's operations in Malaysia, Singapore, Brunei, Tailand, Indonesia,Philipine, Vietnam and other South East Asia (SEA) and near by countries such as India, China and Middle Eastcountries.

BUSINESS APPLICATION AND TECHNOLOGY TRANSFORMATION

AVAILABILITY , STORAGE AND BUSINESS CONTINUITY

SECURITY, RISK AND COMPIANCE MANAGEMENT

END-TO-END VALUE ADDING SOLUTIONS AND OUTSOURCING

erprise Resource Planning (ERP) and Enterprise Wide Management Application

omer Relationship Management

structure Virtualization

Business Domain


e

ructureng

ing

tion


Enterprise Solution Professionals on Information and Network


E- Business & Web Solutions

IT Solutions (Hardware, Software, Services)

Business Process & Technology Outsourcing

Vulnerability Management

Vulnerability Management, Security Assessment, Penetration Testing

Network Vulnerability Assessment

Network Penetration Testing

Red Taming

Whether your organization requires a network vulnerability assessment, network penetration test, wireless network

assessment, web application assessment, product assessment, or a customized service offering, E-SPIN will ensure your

expectations are not only met, but exceeded.

The following are some of E-SPIN’ relevant service offerings:

Our consultants understand the challenges associated with

performing assessments against systems and networks that

require a high level of availability. E-SPIN has developed specific

methodologies for performing vulnerability assessments to deliver

valuable and accurate reporting while ensuring system availability

and minimal performance impact for critical systems. E-SPIN

can also perform vulnerability assessments for your organization

to fulfill audit and compliance requirements.

E-SPIN offers penetration testing as a distinct service, where

other companies often use the terms “vulnerability assessment”

and “penetration testing” interchangeably. While a vulnerability

assessment does provide value to a client when meeting auditory

or compliance requirements, it does not necessarily expose

the true business impact of a specific vulnerability or chain of

vulnerabilities.

Our consultants have spent years conducting penetration testing

against some of the nation’s most sensitive and well protected

networks; more often than not, achieving full control of the target

network and all computers systems on it. However, our goal is not

purely to penetrate systems and networks. Rather, the goal is a

qualitative business impact analysis of the issue.

E-SPIN has developed proprietary methodologies, combine with

best of breed tools and techniques for infiltration and escalation

of privilege on networks. E-SPIN penetration testing is much

more than simply running a single known vulnerability scanning

tool and reformatting the raw output.

The value of this service offering resides in our staff ’s expert

knowledge and use of several customized tools and techniques. At

your request, our consultants can also employ social engineering

techniques to help our clients obtain a more complete awareness

of human vulnerabilities.

It’s a well known fact that the nation’s adversaries are making a

concerted effort to penetrate our government and commercial

networks. Their goal is to steal both Intellectual Property and our

nation’s defense and intelligence secrets. Their efforts are relentless;

they have the expertise, time and resources, and capabilities - this

threat must be taken seriously.

E-SPIN can use a variety of tactics and efforts that can accurately

emulate a number of different threat levels - from the unskilled

script kiddie seeking glory to the nation-state level.

We live on the bleeding edge of Information Security; immersing

ourselves in the underground hacking community to learn hacker

tactics and tools.

Our consultants have a great amount of experience conducting

Red Team operations against certain Federal government

agencies and can easily translate this experience to the private

and corporate sector.



Periodic Vulnerability Scans

Wireless Network Assessment

Web Application Assessment

E-SPIN offers affordable periodic vulnerability scans that are designed

to identify potential vulnerabilities as they are made public. The first step

is to obtain a baseline of accessible systems and services. The follow-on

scans will then identify discrepancies from the baseline, alerting your

organization to these changes.

While this type of service is easy to automate and conduct without

human analysis, our consultants will be involved in each step, providing

a more thorough test. You define the time period, designate the network

to be scanned, and we will meet your needs. E-SPIN can also monitor

websites or even specific web pages for changes, alerting you to a

potential security breach.

Implementation of a secure wireless network can be a difficult task with

this ever-changing technology. New standards for wireless networking

have constantly been developed and introduced since the technology’s

creation.

Our consultants have specific expertise in wireless networking and

can readily demonstrate the security impact of your wireless network,

or those networks owned by other organizations in close proximity.

An improperly configured wireless network or client can provide

an anonymous back door into a corporate network, leading to the

compromise of IT infrastructure, confidential information, and

trade secrets.

Our consultants have performed web application assessments against

a variety of highly customized environments. Our methodologies

are heavily based upon highly skilled manual testing in conjunction

with advanced tools used to identify security issues. Long before the

terms “cross-site scripting” and “SQL injection” were coined, E-SPIN

consultants were assessing the security of web applications with a heavy

emphasis on the banking and finance industry.

Whether you have developed a customized web application or

implemented a COTS (Commercial Off-The-Shelf ) solution, E-SPIN

can provide assessment services to ensure that you and your client’s data

will remain protected.

E-SPIN consultants have expertise in performing wireless

assessments in both corporate and government verticals,

including retail wireless Point of Sales (WPOS) systems,

commercial hotspots (network and web application

authentication and billing methods), and industrial

environments.



Certification and Accreditation Support

Product Assessment/Analysis

Audit Preparation/Recovery

Network Architecture Review

E-SPIN has a significant amount of experience in supporting several

different Federal government agencies and corporate clients develop

their C&A packages.

E-SPIN is experienced in the development of all phases and pieces

of the C&A package to include the ISSP (Information System

Security Plan), the Vulnerability Assessment, the Risk Assessment,

ST&E (Security Testing and Evaluation), POAMs (Plan of Action

and Milestones), and of course Penetration Testing.

Our staff has performed in-depth and highly technical testing of

custom and COTS hardware and software products on behalf of the

Government and Corporate clients. This was primarily conducted as

part of the Certification and Accreditation process required prior to

the deployment of COTS products on highly sensitive government

and /or corporate networks.

The goal of a product assessment is to assess the security of the

hardware and software, identifying security significant flaws.

Whether it’s a software or hardware solution that needs to be

evaluated, E-SPIN can meet your needs.

E-SPIN engineers have approximately 5 years experience acting in

the role of independent auditor for the government agencies and

corporate clients, and as such, are uniquely qualified to assist your

organization in preparing for an audit.

In many cases we know exactly what the auditor’s tactics and

techniques will be, and we can recommend strategies to ensure that

your organization is treated fairly, while increasing the security of

your information system assets.

The foundation of a secure network lies not in whether you have

a firewall or Intrusion Detection System, but in the underlying

architecture of your network.

Our experience as auditors and consultants travelling the country

gives us a significant amount of knowledge in determining a good

network from a network that needs improvement. We are prepared

to assist your organization in designing a secure network from the

ground up, or reviewing an existing implementation.



Security Policy Development and Review

Security Training

Security Awareness Testing

Custom Solutions

E-SPIN can perform a variety of real-world testing techniques to

evaluate the effectiveness of your organization’s security awareness

training program.

These tests range from sending forged emails with simulated

malicious attachments to more complex social engineering

attacks. As with all our service offerings, E-SPIN stands willing

to customize our offerings to meet your organization’s needs.

E-SPIN specializes in providing custom solutions to meet our

clients’ needs. Feel free to contact us about your organization’s

requirements.

We have experienced in house secure application

developer delivered various custom web/application program,

vulnerability mitigation module, legacy application migration to

secure web application/ portal development.

Our staff has performed dozens of security audits which have

included the review and critique of existing security policies

against government, international, corporate guidelines and

legislation. We can help you determine whether your organization

is compliant, and recommend a path to compliance if current

policies are not effective.

While some of our consultants may be experienced instructors, we

are ethical hackers and practitioner - plain and simple. At E-SPIN

you will not find career instructors with endless certifications and

little real world experience.

We are a rare breed of InfoSec professionals with a true desire

to share information and train your personnel in an ego-

free environment. Our training course offerings range from

penetration testing techniques and tool usage, secure software

development, to vulnerability resolution and consultancy. We can

provide customized training based on your needs.


��

�� !�"��#�$�%�&'()*+,-./012340156,7/416168,)/58/49:,

�;< ��=>�?��

�@�� AB��C��C��D�E��F

< ��E��=@�EG��HIJ �� E��H

��

��

��

� !"#$!%&'!(##)*+,! #&!-.'!/#0-!1#/2&'.'+0*3'!�4!-&%*+*+,!#5'&*+,6!

"#$!%&'! #$+7!*-!%-!89:;�<=!>'!%&'!"#$&!#+'90-#2!1'+-'&! #&!

'?1'2-*#+%(!�4!-&%*+*+,!%+7!1'&-*@1%-*#+!2&#,&%/0!*+!%!3%&*'-"!# !

7'(*3'&"! #&/%-0!*+1($7*+,A!0'( 92%1'7!1#/2$-'&!-&%*+*+,6!*+0-&$1-#&9

('%7!1#$&0'0!%+7!�4!1'&-*@1%-*#+!B##-!1%/20=!C'-!89:;�<!/''-!%+7!

'?1''7!%((!# !"#$&!'3'&"7%"!1#&2#&%-'!-&%*+*+,!+''70=!

>'!$+7'&0-%+7!-.%-!'3'&"#+'!.%0!%!2&' '&&'7!/'-.#7!# !('%&+*+,=!

>*-.!-.%-!*+!/*+76!D'!.%3'!B&#%7'+'7!#$&!0'('1-*#+!-#!-%)'!*+-#!

%11#$+-!-.'!7*5'&'+-!-'%1.*+,!/'-.#70!%3%*(%B('!-#7%"=!<#D!"#$!

1%+!1.##0'!-#!*+1&'%0'!"#$&!0)*((!0'-!B"!-%)*+,!1#$&0'0!-.%-!B'0-!/''-!

"#$&!('%&+*+,!0-"('=!

E$&!,#%(!*0!-#!B&*+,!*+0-&$1-*#+!-#!(* '!&',%&7('00!# !-.'! #&/!*-!-%)'0=!F&#/!0'( 90-$7"!%+7!#+(*+'!1#/2$-'&!-&%*+*+,!-#!%!#+0*-'!-&%*+*+,!

1(%00&##/6!"#$!%&'!0$&'!-#!@+7!*-!.'&'=!!�+! %1-6!"#$!D*((!@+7!%!D*7'!&%+,'!# !2&#7$1-0!2'& '1-("!/%-1.'7! #&!"#$&0!'3'&!1.%+,*+,!

+''70=!>.'-.'&!"#$!+''7!%!#+'!-*/'!-$-#&*%(!#&!%! $((!B(#D!G'&-*@1%-*#+!H##-!G%/26!89:;�<!*0!.'&'!-#!0'&3'=!

:'( 90-$7"!1#/2$-'&!-&%*+*+,!17!1#$&0'0!%&'!2%1)'7!D*-.!*+-'&%1-*3'!1#+-'+-!

0$1.!%0!%+*/%-*#+06!3*7'#06!+%&&%-'7!0-'29B"90-'2!*+0-&$1-*#+06!1#/2$-'&!(%B06!

.%+709#+!'?'&1*0'06!I$*JJ'0!%+7!2&%1-*1'!'?%/0=!;&# '00*#+%(!%+7!4'1.+*1%(!

K' '&'+1'!H##)!B"!7#/%*+!'?2'&-!*0!-.'!2'& '1-!/'7*$/! #&!-.#0'!D.#!D*0.!

-#!('%&+!%-!-.'*&!#D+!2%1'=

L'!1#/2$-'&!-&%*+*+,!%$-.&#0!#+!-.'!0-$7"!,$*7'0!%&'!'?2'&-0!*+!-.'*&!&'(%-'7!

@'(70!%+7!.%3'!D&*--'+!-.'!-'?-!D*-.!-.'!&'%7'&!*+!/*+7=!G%0'!0-$7*'06!.%+70!#+!

'?'&1*0'06!%+7!&'3*'D!I$'0-*#+0!&#$+7!#$-!-.'!1.%2-'&0!%+7!&'*+ #&1'!'3'&"-.*+,!

-.%-!.%0!B''+!('%&+'7=!�+!%77*-*#+6!-.'!1#$&0'D%&'!-.%-!%&'!$0'7! #&!1'&-*@1%-*#+!

'?%/!2&'2%&%-*#+!-"2*1%(("!/%2!-#!-.'!&'(%-'7!'?%/M0!#BN'1-*3'0=

L'0'!#+97'/%+7! $((!/#-*#+!1#/2$-'&!-&%*+*+,!3*7'#0!7'(*3'&!*+0-&$1-#&9('7!

-&%*+*+,!*+!-.'! #&/!# !%! $((!/#-*#+!3*7'#=!O((!"#$!+''7!-#!7#!*0!D%-1.6!(*0-'+!

%+7!('%&+=!L'!*+0-&$1-#&!D*-.*+!-.'!-&%*+*+,!3*7'#!('%70!"#$!-.&#$,.!-.'!-%0)0!

*+!%!7'-%*('76!#+'9#+9#+'!/%++'&=!4%)'!%73%+-%,'!# !-'1.+#(#,"!D*-.! $((!

/#-*#+!3*7'#0=!

PQRSTUVWXYZ[V\X]WZ__aXPY]X]TUQWZb[XZ_\XcWQdV[[Q_ZbXZ_\X]Vef_eZbXgVdVWV_eVXYQQh

PQRSTUVWX]WZ__XPQTW[ViZWV

PQRSTUVWXj]X]WZ__Xk\VQ[

��

��

��

�� !��"�##��

$%&'()*+,&-./01/02&(%&34)05./02&'()+&$678)9/0,99&54+,,+&-(&-.,&

0,:-&3,;,3<&'()*;,&5(=,&-(&-.,&+/2.-&>345,?&$678)9/0,99&91/33&

5,+-/@54-/(0&-+4/0/02&/9&-.,&9=4+-,9-&=(;,&'()&540&=41,?&A.,0&

'()&45./,;,&-.,&3,;,3&(%&5,+-/@54-/(0&'()&B,9/+,<&,=>3(',+9&C/33&

+,5(20/D,&40B&+,C4+B&'()+&455(=>3/9.=,0-?&&

$0&%45-<&=40'&,=>3(',+9&+,E)/+,&5,+-/@54-/(0&%(+&9>,5/@5&F(8&

+(3,9?&G;,0&/%&'()&43+,4B'&.4;,&-.,&F(8&91/339&40B&,:>,+/,05,&

+,E)/+,B&/0&(+B,+&-(&>,+%(+=&'()+&F(8&9)55,99%)33'<&5,+-/@54-/(0&

C/33&,0.405,&'()+&=4+1,-48/3/-'?&641/02&4&5(=>)-,+&849,B&

-+4/0/02&53499&(+&5.((9/02&(09/-,&5(=>)-,+78)9/0,99&91/33&

-+4/0/02&53499,9&C/33&>+,>4+,&'()&%(+&>499/02&-.,&4>>+(>+/4-,&

5,+-/@54-/(0&,:4=?&&

H(=,-/=,9&'()&F)9-&540*-&8,4-&-.,&53499+((=&9,--/02?&I,-&>,+9(043&4--,0-/(0&40B&

/0-,+45-&C/-.&'()+&/09-+)5-(+&8'&-41/02&40&/09-+)5-(+J3,B&5(=>)-,+78)9/0,99791/33&

-+4/0/02&53499,9&4-&'()+&5(+>(+4-,&(K5,?&L&5(=8/04-/(0&(%&3,5-)+,<&B,=(9-+4-/(0<&

40B&.40B9J(0&3489<&43(02&C/-.&40&455,99/83,&/09-+)5-(+&8+/02&3,4+0/02&/0-(&%(5)9?&

M)9-(=/D,&4&3,4+0/02&5)++/5)3)=&-.4-&=,,-&'()+&5(+>(+4-,&-+4/0/02&0,,B9?&

L55,3,+4-,B&-+4/0/02&4-&/-9&8,9-N&$67O)9/0,99&H1/33&M,+-/@54-/(0&O((-&M4=>9&

B,3/;,+&/0-,09,&-+4/0/02&/0&9>,5/@5&91/339&40B&-,5.0(3(2/,9&/0&4&0(J.(3B9J84++,B&

,0;/+(0=,0-?&A/-.&0(&B/9-+45-/(09&(;,+&4&9>,5/@,B&-/=,&>,+/(B<&(03'&/0JB,>-.<&

%(5)9,B&/09-+)5-/(0<&'()&C/33&3,4+0&C.4-&'()&0,,B&/0&-.,&=(9-&,P,5-/;,&=400,+&

>(99/83,?

QRSTUVWTXUYZ[\]U_RRa]bc_SS[S

QdeVSR[SS]fgcc]b[UThW_TXR]eXXT]b_ijS

L%-,+&'()&.4;,&@0/9.,B&'()+&$6&H,+;/5,&k4042,=,0-&-+4/0/02&

40B&+,45.,B&-.,&$6$l&5,+-/@54-/(0&'()&C/33&@0B&-.4-&'()+&91/339&

4+,&4>>+,5/4-,B&40B&8,--,+&F(89&4C4/-?&m()&=4'&,;,0&B,5/B,&-(&

-+'&I$LM&M,+-/@,B&$0%(+=4-/(0&H,5)+/-'&n+(%,99/(043&40B&

G:>,+-&-+4/0/02&-(&8,5(=,&,;,0&=(+,&91/33,B&40B&8+(4B,0&'()+&

.(+/D(09?&

A.,-.,+&'()&C/9.&-(&3,4+0&=(+,&48()-&H(%-C4+,&n+(2+4==/02&

-.+()2.&I$LM&5,+-/@,B&$6&-+4/0/02&(+&/%&'()&C/9.&-(&2,-&$6$l&

$6&H,+;/5,&k4042,=,0-&5,+-/@54-/(0<&$678)9/0,99&54+,,+&-+4/0/02&

/9&-.,&C4'&-(&2(?&o,9,&5()+9,9&4+,&%(5)9,B&-(&=,,-&'()+&2(439&40B&

5(=,&/0&4&;4+/,-'&(%&%(+=4-9&-(&54-,+&-(&40'&3,4+0/02&9-'3,<&95.,B)3,&

(+&8)B2,-?&A,&.4;,&'()+&9)55,99&/0&=/0B?&l,-&)9&.,3>&'()&8,5(=,&

4&5,+-/@,B&$6&78)9/0,99&>+(%,99/(043?&

��

��

� !��"��#��$��

%&'()*+,-+./0,1/2+34/+-536+527,4,48+74.+9/25,:975,34+-30;5,34+

<32+93263275/=+831/24>/45+74.+?32@,48+623</--,3470A+B/+72/+

-57C/.+?,5D+623</--,3470+74.+/E6/2,/49/.+.3>7,4+/E6/25+53+

./0,1/2+,4-52;9532&0/.+527,4,48+32+9/25,:975,34+F335+97>6-A+

G3;+974+.,2/95+;4./257@,48+5D/+9/25,:975,34+7<5/2+5D/+

527,4,48+?D/4+H3;2-+>/>32H+,-+-5,00+<2/-D+34+5D/+0/724/.+

-;FI/95+>755/2-A+

%&'()*+,-+JKGL%K)M*+N/25,:/.+(239532+74.+OM'L+

PO,8D&'57@/-+M40,4/+'/9;2/.+L/-5,48+N/45/2+(231,./2Q+,4+

R707H-,7+7;5D32,S/+53+6231,./+-/9;2/=+623</--,3470+5/-5,48+

34+172,3;-+)LTF;-,4/--+-@,00+9/25,:975,34+5/-5,48+<32+172,3;-+

623</--,3470+,4-5,5;5,34-+74.+7;5D32,5H+7--39,75,34A+

%&'()*+9/25,:/.+6239532+-57C+974+-/5+;6+74.+>7478/+

5/>63272H+32+62,175/+5/-5,48+-,5/-+75+934</2/49/-=+

93263275,34-=+;4,1/2-,5,/-+32+74H+6079/+?,5D+)45/24/5+

799/--+53+92/75/+7+9;-53>,S/.+4/5?32@+<32+H3;2+5/-5,48+

623827>+P<32+F;0@+34-,5/+527,4,48+74.+9/25,:975,34QA+

%&'()*+70-3+-/5+;6+74.+>748/+7+62,175/+5/-5,48+9/45/2+

<32+H3;2+32874,S75,34+32+?32@,48+623</--,3470+62/</2+53+

;4./257@,48+9/25,:975,34+5/-5+,4+5D/+5/-5,48+9/45/2A

��U�� V�WXYWZ[�\]��\��\ ��U�� V�_ZYXW��]�abcdcefgehcijkjlcmincopqrhcmstujljcrvwxlswwcyslztshc{j|jlwjtjcmstujljhc}~oe�cmszjkxl�cij�jhc�skjl�btd��c��q�c~~eoceo��ccc��c��q�c~~e�c}~�~cccc��cxl�b�sgw�xl�bt�d�b|ccc��c�zz��pp��dsgw�xl�bt�d�b|

�32+93263275/+74.+831/24>/45+78/49,/-=+60/7-/+<//0+<2//+53+9345795+3;2+9/25,:975,34+74.+527,4,48+934-;05745+<32+7--,-5749/+<32+5D/+

9/25,:975,34+74.+527,4,48+679@78,48A

�� ¡

�¢

About E-SPIN

E-SPIN SDN BHD 714753-U

E-SPIN OUTSOURCING SDN BHD 825417-V

No . 21-2, Jalan PJU 8/3B, Perdana Business Centre, Damansara Perdana,

47820 Petaling Jaya, Selangor.

T: (603) 7728 2866 F: (603) 7725 4757

E: [email protected]

W: http://www.e-spincorp.com

E-SPIN is the leading technology solution and outsourcing vendor in providing solution consulting, buying facilitation, network and system integration, e-business and web solutions, business /technology share service and outsourcing. More information available at www.e-spincorp.com

Documents

E-SPIN COMPANY PROFILE · Red Taming Whether your organization requires a network vulnerability assessment, network penetration test, wireless network assessment, web application