Security Assessment

Our Security Assessment services are designed to provide an assessment of the security risks to any IT environment. We test from an end-to-end perspective, from the Infrastructure to the Applications. We attempt to gain illicit access to protected resources and exploit any underlying vulnerabilities of all elements of an IT system. In doing this we use the precise methods and tools that are in practice employed by a ‘real’ attacker.

Our testing is threat based, through analysis of the system and the business processes the system implements we develop a profile of the threats to the security of the system and test accordingly. These tests could be from the point of view of an Insider with detailed knowledge of the system, an outsider with little or no knowledge of the system. The results of the testing is then tailored to suit the threat scenarios and the business needs, thus matching the risk to the business.

Our testing is performed to a well defined testing methodology. This allows us to identify and isolate any vulnerabilities, while allowing necessary intrusion tools to be obtained or developed. The methodology then ensures that access is gained in a safe and controlled manner - be that physically or logically.

The output from any test is a report that is tailored to deliver the issues to both a business and technical audience. With details of the issues identified, associated risks to the business and credible solutions to the issues. We endeavour to work with both the technical teams that manage the systems we test and the business elements to gain a detailed understanding of the systems and business in order to recommend solutions that fit the business and are not just your boiler plate recommendations pumped out by a vulnerability scanner.

// Network Infrastructure Assessment

Testing Wireless and Wired Network environments from just a few network nodes to testing large networks. We are able to test both onsite and offsite depending on the network environment under investigation and the threat scenarios identified.

// Application Assessment

Internet enabled applications such as web based portals, to complex enterprise applications all represent attack surface for an organisation. We assess them all to attempt to identify exploitable weakness that can be used by an attacker to compromise any business asset or customer data processed by the application.

Mobile applications, in this everything everywhere connected age mobile applications are everywhere and as a result they represent attack surface for those attacking an organisation. We’ve expertise and experience in the review and assessment of mobile applications to attempt to identify any weaknesses.

// Social Engineering Assessment

Use social engineering techniques to determine how effective any security controls are when in use by the people in the environment.

// Physical Security Assessment

Security of the physical is just as important as the security of the logical. We review the physical security implemented within an environment, using onsite reviews either escorted or unescorted, monitoring of responses by security staff and systems to various security situations.

Copyright © 1994-2016 Reaper Technologies Ltd. All rights reserved. Registered in England number 09899811.