Technology audits

Technology audits

Ethical hacking

  • Vulnerability assessment – penetration testing
  • External and internal assessments
  • Blackbox, whitebox and graybox tests
  • Web application tests
  • Automatic and manual tests
  • Preparation of summary reports, including detailed recommendations

Firewall audits

  • Verification of security settings (management interfaces, access, logging, etc.)
  • Verification of CIS benchmark compliance
  • Assessment of ACL rules

Hardening assessments

  • User access assessment
  • Assessment of running services
  • Checking necessary service packs
  • Checking file system and share permissions
  • Assessment of operating system and services settings in terms of security
  • Assessment of file and script contents in terms of security

Source code analyses

  • Threat-modelling, understanding the application’s logic
  • Threat-analysis (based on STRIDE list)
  • Verification of applied controls, mitigation techniques
  • Accomplishment of automatic and manual tests