MAYASEVEN: Protecting Organizations from Hackers

Businesses are continuously evolving the way they build and deliver software to match the changing customer expectations in the digital age. However, to deliver software quickly, to meet deadlines and targets, businesses speed up the software testing process resulting in insufficient testing and verification of the products. This creates opportunities and vulnerabilities for "The Hacker" to gain access to attack an organization's systems. MAYASEVEN, a Bangkok-based penetration testing and cybersecurity consulting services company, is here to protect. With an aim to provide high-quality testing services, the company’s expert team penetrate the customer's systems to detect weaknesses and vulnerabilities. MAYASEVEN also provides recommendations and guidelines for improving security controls. “We have expert analysts who have more knowledge than the hacker and can prevent them from accessing the systems by highlighting and suggesting action points to resolve the areas of concern,” says Nop Phoomthaisong, Cybersecurity Consultant of the company.

MAYASEVEN’s expert team excels at penetration testing and carries out all services, including web application, infrastructure, and mobile application penetration testing. The company’s experts begin with the penetration testing standard methodology such as Penetration Testing Execution Standard (PTES), OWASP Testing Guide (OTG), and NIST SP800-115. “Since the standard methodology is not regularly updated, new kinds of vulnerability cannot be found if we only use these methodologies. So after we walk through the customers' systems with the standard methodology, we use our cutting-edge techniques that our team has been researching and developing on a day to day basis,” mentions Nop.

After that, customers use MAYASEVEN’s services to get a detailed report that contains a proof of concept of how the hacker can hack them. This report emphasizes the impact of vulnerabilities and weaknesses where the company provides expert recommendations.

Over the past years, MAYASEVEN has assisted numerous clients in protecting their software and solutions. One such example is that of a popular shopping website in Thailand. The company found critical vulnerabilities that allowed an attacker to gain access to the E-commerce server with root permission and a hundred thousand of their customers' credit card details. “We informed the client of these vulnerabilities to prevent criminals from obtaining this information and resolve the problems,” says Nop.

With a mission to secure the IT infrastructure of Thai organizations, MAYASEVEN has joined many information security conferences in ASEAN to share knowledge on IT security for developers, CIOs, and IT experts. “Within Thailand, there is a lack of information on risks and security in many industries, such as online shopping, government, games, and similar mobile applications; we want to bridge this gap with our immense expertise and knowledge.”

MAYASEVEN has focused on high-quality services for penetration testing to eliminate opportunities for hackers to infiltrate systems and steal data. Another aspect is the company's dedication to exceed the customer's expectation. “For MAYASEVEN, we take service quality as important as our own systems, and we are successful 99.9 percent giving us a 100 percent customer satisfaction,” says Nop. With highly skilled professionals from the cybersecurity field, MAYASEVEN ensures that its penetration testing methodology is up to date. “We strive to make a better testing process to meet the standard of this industry, and we obtained ISO 9001:2015,” he adds.

Headquartered in Thailand, MAYASEVEN plans to expand to the neighbouring ASEAN countries and ultimately the European market. From the services standpoint, the company focuses on its flagship penetration testing service, but will soon develop in the direction of cybersecurity researching, training, develop an automated hacking tool. MAYASEVEN is aiming to help organizations create a secure system. “In the next three years, we will have two separate divisions one is the prevention of system failures and the second for correction of the systems,” says Nop.