Infrastructure Assessment

Testing Wireless and Wired Network environments from just a few network nodes to testing large networks.  We will assess the security posture of your environments to identify areas of concern, during which we will identify vulnerabilities and assess real business risk against local and international compliance standards, such as ISO 27002, PCI-DSS, HIPAA, SANS 20, GDPR and other security compliance mandates. 

 

Application Assessment

Internet enabled applications such as web based portals, to complex enterprise applications all represent attack surface for an organisation. We assess them all to attempt to identify exploitable weakness that can be used by an attacker to compromise any business asset or customer data processed by the application.

Mobile applications, in this everything everywhere connected age mobile applications are everywhere and as a result they represent attack surface for those attacking an organisation. We’ve expertise and experience in the review and assessment of mobile applications to attempt to identify any weaknesses.

In addition to traditional testing of live applications we have extensive experience in conducting Source Code based security reviews of applications. Reviewing an application from the standpoint of the source code can provide additional insight into possible security weaknesses that may not be readily identified by testing a live running application. With this greater level of access and understanding it allows our team to work more closely with your developer community to provide recommendations and advice to address identified issues.

 

RED TEAM ASSESSMENT

Red Team Assessment Services (RTAS) is designed to identify and assess the security of an organisation at an enterprise wide level, identifying and exploiting vulnerabilities within an organisation to provide insight into realisable risk based on threats and concerns within the organisation.

Our red team services target specific identifiable assets of an organisation or concerns and use what ever means available to attempt compromise those assets or realise the addressed concerns.

We are addressing the problem that has emerged from current testing approaches which have become too focused, only looking at a specific application or system, rarely looking at the bigger picture due to the constraints of scope.

Traditional testing often stops at flaw identification, proving the flaw exists then moving on to the next issue.

Organisations rarely assess flaws in combination, looking at the interactions between flaws to enact a wider compromise in the system they exist in or rarer still the interaction between flaws in different systems.

Our approach used long term assessment, as a key element of our methodology used by our Red Team, this enables use to mimic the adversary as closely as possible.