Who we are
Ownux is an Information Security Consultation firm specializing in the field of Penetration Testing of every channel which classifies different security areas of interest within an organization. We are focused on Application Security, however, it is not limited to physical cyber security, reviewing the configurations of applications and security appliances. We have much more to offer.
We can easily get inclined with your in-house team to work collaboratively and with less hassles to kick-start new projects and to bring the best out of the on-going engagements. We follow and use Workflow Process Management which includes best methods and tools that can be used to evaluate risk, both within the project and within the client’s network architecture which ensures the best deliverables.
We understand that identifying vulnerabilities and exploits within a professional engagement is not enough. We strive to diligently follow the process in order to ensure desired quality and efficiency.
Ownux follows a proven process to deliver all our penetration testing engagements. We adopt a simplified version of PMBOK concept to standardize the management practices for your upcoming Penetration Testing projects. It breaks out the project life cycle into five different groups which are not phases within a project – rather a collection of repeatable process of activities depending on the status and state of project.
We also include the impact of the vulnerabilities that the clients face in their network environment not just their existence. We not only include the client risk which is measured in the pentest project but also there are inherent risk that we report to ensure quality completion of the project.
We understand that the metrics methods differ from project to project hence, the risk evaluation in Ownux’s process is measured using 3 methods, that is, Quantitative Analysis, Qualitative Analysis and Mixed Methods.
We usually follow the mixed method as the use of just one method to determine metrics is insufficient. Using a mixed method allows our security engineers to vet data, before acting. Risk metrics can be more accurate by our subject-matter experts and measurable data can be more effective than those developed using only one analysis method.
We believe that using right tools and right people for engagements ensures the deliverables of the project on time and under budget.