We enjoy looking at devices, networks and applications (including mobile) for vulnerabilities and weaknesses. Let us tear apart your product to see what risks you might be exposing yourself to when it goes live.
Major company breaches are common place today. A systematic approach to assessments of your infrastructure is ideal to uncover any risks you might be unaware of.
As your business grows, so does your attack surface area. One key task attackers perform is to gather as much information about your company as possible. From learning your security posture, to how your employees act on the Internet, collecting as much information as possible is required for an attack.
We make use of Open Source intelligence sources, coupled with over a decade of experience in mapping out a companies Internet posture. The end result is a deliverable of what you look like on the Internet.
A security assessment usually includes some form of penetration testing, but it takes a more formal and systematic approach and provides a comprehensive view of where all the exploitable vulnerabilities are and what actions should be taken to remediate them. This makes the assessment a very valuable exercise for decision makers, presenting them with a point-in-time view of your security posture.
This view can change rapidly as new attack vectors are developed, as the target itself changes or even the issues are remediated. Our assessments look at the entire OSI Model, from layer one up to layer 7 and we have extensive experience in discovering flaws in each layer.
We've helped write the OWASP Application Security Verification Standard (ASVS), which provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications.
When performed correctly, a penetration test is an attempt to compromise a specific system, set of systems or gain access to data. This exercise mimics the approach that attackers would take when targeting your organisation, but in a more controlled manner. The aim of our Goal-Orientated approach is to allow you to answer two questions: ‘can we be compromised?’ and ‘are we able to react accordingly when we are?’
We work with you to draw up a series of threats that concern you and then set about proving the likelihood of them being exploited. This service makes use of attack scenarios and real-world techniques. This is the closest thing to being attacked by a real-world adversary.
Wi-Fi vulnerabilities have the potential to cause more damage than traditional wired networks. With most devices today making use of Wi-Fi, creating adhoc wireless networks is all too easy.
Through our Wireless Security Assessments we will locate all access points and rogue devices and analyse the vulnerabilities that could result in a compromise. Often these relate to device configuration errors, out-dated patching, policy and architecture design.
I'm sure there's an app for that!!
As mobile phone usage continues to grow at an outstanding rate, we've fine-tuned our capabilities to deliver end to end mobile security assessments of platforms, handsets and applications.