Skip to content
  • Products
  • Services
    • Software engineeing
      • Web application
      • Mobile application
      • Internet of things
      • Cloud bases services
      • Dedicated development team
      • Maintenance
    • Product development
    • R&D
    • Testing
    • Maintenance
  • Company
  • Industries
    • Finance
    • Medical health
    • Education
    • Security
    • Internet of things
  • News
  • Career
  • Contact us
  • English (English)
  • Tiếng Việt (Vietnamese)
  • 日本語 (Japanese)
Menu
  • Products
  • Services
    • Software engineeing
      • Web application
      • Mobile application
      • Internet of things
      • Cloud bases services
      • Dedicated development team
      • Maintenance
    • Product development
    • R&D
    • Testing
    • Maintenance
  • Company
  • Industries
    • Finance
    • Medical health
    • Education
    • Security
    • Internet of things
  • News
  • Career
  • Contact us
  • English (English)
  • Tiếng Việt (Vietnamese)
  • 日本語 (Japanese)
SKG TECHNOLOGY JOINT STOCK COMPANY
  • Products
  • Services
  • Company
  • Industries
  • NEWS
  • Career
  • Contact us
  • EN
    VI JP
SKG TECHNOLOGY JOINT STOCK COMPANY
Sản phẩm
Dịch vụexpand_less
Phát triển sản phẩm
Sản xuất gia công phần mềm expand_less
Ứng dụng web Enterprise Software Development Website Application Development Mobile Application Development Cloud based service Dedicated Development Team UX/UI Design QA Testing
New Technologiesexpand_more expand_less
AI/Machine Learning IoT
Maintenance and Support
Industriesexpand_more expand_less
BFSI (Bank, Finance, Insurance) Healthcare Travel/ Logistic Ecommerce Social Business Process Application
Portfolio
Company
Blog
Contact us
SKG TECHNOLOGY JOINT STOCK COMPANY
  • Contact us
  • VI
    EN JP
Services
Software engineeing
Web application
Mobile application
Internet of things
Cloud bases services
Dedicated development team
Maintenance
Product development
R&D
Testing
Maintenance
RECRUITE
CAREER OPPORTUNITY
RECRUITMENT
EMPLOYEE MESSAGE
APPLY FORM
Products
HealthCare
Enterprice Application
IOT
SERCURITY
Company
About
Career
Portfolio
News
Software engineeing
  • Web application
  • Mobile application
  • Internet of things
  • Cloud bases services
  • Dedicated development team
  • Maintenance
Product development
R&D
Testing
Maintenance
Finance
Medical health
Education
Security
Internet of things
INFORMATION SECURITY
We cannot deny that no one can write down a software that is completely error-free. Let us help you detect security vulnerabilities in the source code to prevent possible information security risks.

WHAT WE DO

Attacks are targeting important business data and information that has accounted for more than 80%. Hackers have gradually shifted from destructive purpose trends to financial purposes.

Applications must meet basic safety and security needs. That's why you need a security solution for the source code.

SKG brings you a solution to ensure information security in the source code not only at a reasonable cost, but also eliminates the fear of information security in your application.

TOP 9 SECURITY RISKS

1. Injection

Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization

2. Broken Authentication

Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently

3. Sensitive Data Exposure

Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.

4. XML External Entities

Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

5. Broken Access Control

Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users’ accounts, view sensitive files, modify other users’ data, change access rights, etc.

6. Security Misconfiguration

Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched/upgraded in a timely fashion.

7. Cross-site Scripting

XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites

8. Using Components with Known Vulerabilities

Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.

9. Insufficient logging and monitoring

Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data.

TYPICAL PROJECTS

MIOVI - INFORMATION SECURITY ASSESSMENT FOR INVESTMENT FUND MANAGEMENT SYSTEM

MIOVI is a security assessment project on source code and the handling of security vulnerabilities that SKG makes to an investment fund management company.

SKG uses the OWASP ZAP tool to check for security vulnerabilities in source code. The evaluation results show 34 security holes, of which 4 are very serious.

SKG has come up with a solution to solve security vulnerabilities, ensure a safe operation system, eliminate big information security risks for customers.

Main security vulnerabilities :

  • Access financial information without authentication
    Access a list of all investment transactions
    Access to the entire investor list
    Full access to the system’.pdf documents

6 YEARS OF EXPERIENCE IN SOFTWARE DEVELOPMENT

PACKAGE SOFTWARE DEVELOPMENT​

EXPERIENCE WORKING ON INFORMATION SECURITY PROJECTS IN SOURCE CODE

STRICTLY COMPLY WITH INFORMATION SECURITY STANDARDS

CONTACT US
ABOUT YOUR PROJECT

Contact us

Services

Outsourcing

Product Development

Research and development

Testing

Industries

Finance

Medical Heath

Education

Information security

Internet of Things

Products

CTM - Health care

KAKABO - Enterprise Application

Artificial intelligence

MIO - Finance

WAT - Education

Company

About Company

Career opportunity

News

Terms of use

© 2023 SKG. All Rights Reserved.

Facebook Youtube

APPLICATION FOR EMPLOYMENT