Ethical hacking
- Vulnerability assessment – penetration testing
- External and internal assessments
- Blackbox, whitebox and graybox tests
- Web application tests
- Automatic and manual tests
- Preparation of summary reports, including detailed recommendations
Firewall audits
- Verification of security settings (management interfaces, access, logging, etc.)
- Verification of CIS benchmark compliance
- Assessment of ACL rules
Hardening assessments
- User access assessment
- Assessment of running services
- Checking necessary service packs
- Checking file system and share permissions
- Assessment of operating system and services settings in terms of security
- Assessment of file and script contents in terms of security
Source code analyses
- Threat modelling, understanding the application’s logic
- Threat analysis (based on the STRIDE list)
- Verification of applied controls, mitigation techniques
- Execution of automatic and manual tests