Centurion Information Security is a consulting firm based in Singapore that specialises in security assessment services. Our team consists of the most qualified consultants handpicked from our rigorous selection process designed to identify passionate people with ethical values and strong technical excellence. We take pride in producing consistent results of the highest standards through a well-defined methodology, and believe that success is in continuous learning and development as individuals and as a team. To date, we have assisted clients ranging from small and medium-sized enterprises, to multinational corporations across different industries, and government entities to navigate through difficult security challenges by providing actionable and tactical advice to manage risk.We do not provide checkbox security services which often create a false sense of security; instead we provide comprehensive, high quality, and value for money services to build trusted relationships with our clients. We apply a quality assurance process to ensure that each test meets our client's requirements in a secure and productive manner and provide quantified risk ratings (CVSS) with insightful reporting for both technical specialists and business representatives.

http://www.aisp.sg/

Delivered consulting services for clients in banking and finance, telecommunications, real estate development, software development, and security solution providers.Lead and advise clients throughout the life-cycle of the projects, from the initial discussions around scoping, delivering the agreed upon work, discussions with stakeholders and engineers around remediation of security vulnerabilities, to acceptance testing which ensures an effective solution is applied.Provided security assurance services including penetration testing of applications and networks, vulnerability assessments, architecture and source code reviews of web and mobile applications, configuration reviews of host operating systems, application servers, and network devices.Engage and advise clients within the banking and financial industry to go beyond compliance with MAS TRM, government regulations, and corporate initiatives resulting in better protection of their critical information assets.Developed software in Python to assist in configuration reviews and the creation of hardening guidelines, and to deliver customized vulnerability reporting and integration with clients’ in-house systems.

Provided information security consulting services with a focus on penetration testing of web, mobile, client applications, and networks.Presented at company training events on improving the technical delivery of services around network penetration tests and application fuzzing.Worked with clients to scope and plan projects.Reviewed source code for web and mobile applications.Attacked mobile applications running on Android, iOS (iPhone/iPad), Blackberry.Exploited a misconfiguration in authentication controls to gain administrative access without credentials.Discovered and exploited high risk vulnerabilities to gain complete control of systems.Worked on tools to exploit password weaknesses in fully patched environments.Responsibly disclosed vulnerabilities in Microsoft Dynamics CRM – KB2739504.Presented at local OWASP meetings and XCon 2013 security conference in Beijing, China.

Areas of expertise include networking technologies and penetration testing.Conducted penetration tests and vulnerability assessments on web application, mobile payment applications, and heterogeneous networks.Well versed in various IT security testing tools and has performed application penetration testing, network vulnerability assessment and database application penetration testing using automated tools as well as through directed manual testing and exploit creation, with the aid of available tools such as Paros, Burp, WebScarab, WebInspect, Nessus, NeXpose, Metasploit, and Nmap.Experience in conducting security assessments, procedure and policy review, source code review, application security controls review, and security configuration review of various servers and network devices.Acted as team lead to ensure that deliverables met the manager's and client's expectations.Discovered and exploited a HTTP smuggling vulnerability on an Internet banking application.

System and network administration and Information Technology servicesManaged the network and servers (Linux and Sun Solaris) in Singapore and Mountain View, USAManaged Cisco hardware firewalls and Linux iptables software firewallsDesigned and implemented a centralized authentication system and identity access managementImplemented a network intrusion detection system (IDS) for monitoring and responding to threats from internal and external sourcesCreated and managed servers to provide networking services including DHCP,DNS, LDAP, NTPConducted security assessments and worked with the engineering and quality assurance departments to implement improvements in the production environmentConducted security awareness programs to improve organizational security and user awareness of threats and to encourage secure practicesWorked with zero budget and maximized utility of existing resourcesWorked with support team to design and implement improvements for availability, reliability, and security updatesSetup a centralized password management and conducted training and user awarenessResponded to malware infections including conficker/downadup/kido/storm,trojans, spyware, and worked on implementing corporate wide security software and user education for prevention