Cybersecurity & Compliance Services
Computer Kingdom delivers cybersecurity and compliance services for businesses in Pune and across India. We run application-level security audits, infrastructure reviews, DPDP Act and GDPR readiness assessments, and ongoing secure-development reviews of code your team or your vendors are shipping. The work is practical — we hand you findings with proof, severity, and remediation steps, not a glossy PDF.
We bring 25+ years of building real production systems to the security work. That means when we find an issue, we know what it actually takes to fix — not just a checklist tick. Several of our security engagements grow out of clients we already build software for, where security is one part of a broader engineering relationship.
What We Build
Common engagements include:
- Application security audits — OWASP Top 10 coverage on web and mobile applications, with proof-of-exploit findings.
- Penetration testing — black-box and grey-box external pen-tests with reproducible attack chains.
- DPDP Act readiness — data classification, consent capture, breach notification process, retention policies, data principal rights.
- GDPR & international compliance — for clients serving EU customers — lawful basis, DPIA, processor agreements.
- Code reviews for security — structured reviews of your source code looking for injection, auth flaws, secrets in code, weak crypto.
- Cloud security reviews — AWS / Azure / GCP configuration audits — IAM policies, network exposure, storage permissions, KMS use.
- Vulnerability management — ongoing scanning of dependencies, containers, and infrastructure with patch prioritisation.
- Incident response & forensics — if you've been breached or suspect a breach, we help with containment, scope assessment, evidence preservation, and recovery.
Engagement Process
Most security engagements follow this shape, scaled up or down depending on scope.
- Scoping & rules of engagement — we agree what's in scope, what's off-limits, who's notified, and what evidence is preserved.
- Reconnaissance — external attack-surface mapping, endpoint discovery, technology fingerprinting.
- Active testing — exploitation attempts, payload crafting, lateral movement — safely and within the agreed scope.
- Findings documentation — every finding gets a CVSS score, reproduction steps, business-impact statement, and remediation guidance.
- Remediation support — we don't just hand over the report — we help your team or vendors fix what we found.
- Re-test — after fixes ship, we verify the issues are actually closed (and that no new ones opened in the process).
Tools & Frameworks
We use industry-standard tools and frameworks. The findings, not the toolset, are what matters.
- Methodology: OWASP Testing Guide, OWASP ASVS, NIST CSF, ISO 27001 controls, CIS Benchmarks
- Application testing: Burp Suite Professional, OWASP ZAP, custom Python and Bash tooling
- Network & infrastructure: Nmap, Nessus, OpenVAS, Wireshark, Metasploit
- Code analysis: Semgrep, SonarQube, gitleaks, trivy for container scanning
- Cloud security: Prowler, ScoutSuite, AWS Config, Azure Security Center, GCP Security Command Center
- Compliance frameworks: DPDP Act 2023, GDPR, PCI-DSS, HIPAA (for healthcare exports), SOC 2 readiness
- Threat modelling: STRIDE, attack trees, kill-chain mapping
Why Choose Computer Kingdom
- 25+ years of track record. We have been delivering custom IT work in Pune since 1999.
- Local Pune presence. Our team is based at M.G. Road, Camp — in-person meetings and local support are easy.
- End-to-end delivery. We cover discovery, design, build, QA, deployment, and support under one roof.
- Pragmatic technology choices. We pick tools that match your team’s capacity to maintain the system long-term.
- Honest communication. You get direct access to the people doing the work. If something is slipping, you hear it from us early.
Frequently Asked Questions
How long does a security audit take?
A typical web application audit takes 2-4 weeks of active testing plus 1 week of reporting. A combined application + infrastructure audit takes 4-6 weeks. Larger enterprise scopes (multiple applications, multiple environments, deep cloud audit) run 8-12 weeks. The timeline is driven by application size and the depth of testing requested, not arbitrary.
Do you have certified security professionals?
Yes — our security team holds combinations of OSCP, CEH, CISSP, CCSP, and ISO 27001 LI certifications. We also draw on 25+ years of building production systems, which is often more useful than any certification when figuring out what an exploit actually means in context.
What's the DPDP Act and how do we comply?
The Digital Personal Data Protection Act 2023 is India's data protection law. Compliance covers: appointing a Data Protection Officer for significant data fiduciaries, capturing valid consent, providing data principal rights (access, correction, erasure), implementing reasonable security safeguards, and notifying breaches to the Data Protection Board. We run readiness assessments and help with the technical implementation — consent UIs, audit logs, retention enforcement.
We've already been breached. Can you help with response?
Yes. The first 24 hours matter most. Call +91 99609 03132 immediately. We help with containment (cutting off the attacker), scope assessment (what was actually accessed?), evidence preservation (so you can answer regulators and law enforcement properly), customer/regulator notification, and post-incident hardening to prevent recurrence.
How is your pen-test different from automated scanners?
Automated scanners find known vulnerabilities and a small percentage of common patterns. They miss business-logic flaws (e.g., a checkout that lets you set the price to zero), authentication bypasses specific to your code, and chained exploits where two minor issues combine into a critical one. Our manual testing finds these — that's where the highest-impact findings tend to live.
Will testing break our production systems?
Only if you ask us to. By default we scope around production stability — rate limits, no destructive payloads, no DoS-like activity, off-hours testing for sensitive systems. For full attack simulation we work in a staging clone. Our engagement letter spells out exactly what we will and won't do.
Do you offer ongoing security services or only one-time audits?
Both. Many clients start with a one-time audit, fix the findings, then move to a quarterly review or a managed-vulnerability service. Continuous coverage is more valuable than a once-a-year audit if your application is actively evolving.
Start Your Project
Ready to discuss your requirements? Call +91 99609 03132, email rakesh@ecomputerkingdom.com, or send us a message. Initial consultations are free and no-obligation — we will give you an honest view of whether what you need is a good fit for us.