The fast flow of information within networks and between organisations across the Internet has transformed the way we communicate and transact business. This transformation has brought great new benefits, but at the same time has significantly changed and increased the security risks we face.
Security testing services help clients understand and reduce security risks and vulnerabilities present in network infrastructure, servers, applications, web applications, databases and end user devices.
The services below focus not just on the discovery of vulnerabilities, but also the provision of clear guidance to help clients eliminate these vulnerabilities quickly and effectively.
Penetration Testing
For network and application security, we conduct external and internal penetration tests to uncover vulnerabilities from the perspective of a malicious outsider and insider, respectively.
These tests provide evidence of how each vulnerability we detect can be exploited and the risk level and potential impact of each vulnerability. Our reports give clear recommendations and solutions to help eliminate each vulnerability or reduce the risk to an acceptable level.
Security Source Code Review
This service provides a deep analysis of software source code to search for accidental and malicious inbuilt security weaknesses.
Security source code review is generally used by clients with high-risk applications to protect sensitive and confidential information, e.g. financial, payment services, personal data and intellectual property. This service is also popular for applications with frequent and regular release cycles (for example, quarterly or less), as it becomes more cost-effective than regular penetration tests.
Web Application Security Testing
This service is also known as web application penetration testing and is used by clients who need to ensure that their web applications provide appropriate security controls.
During the testing process we establish the specific threats which each application must be able to defend against, and then we test to find weaknesses which may make these threats exploitable. As part of this service, we also benchmark the web application against globally accepted security standards (see Web Application Security Certification, below).
Web Application Vulnerability Scanning
This service is designed for companies with web applications which fit into lower-risk categories and provides a cost-effective method of performing regular (typically monthly or quarterly) security tests. The tests combine automated security scans with manual verification of findings by a security test engineer.
This service provides security assurance against the majority of threats faced by lower-risk web applications, but it is not as exhaustive as web application security testing or security source code review services.
Web Application Security Certification
This is an award-winning security assurance programme, used by software development companies, software as a service (SaaS) providers, service providers and organisations using or developing their own web applications.
The certification programme measures a web application's ability to defend against relevant and specific security threats, whilst benchmarking the security of the web application against globally accepted security standards: OWASP, OSSTMM, SANS CWE Top 25, WebAppSec and PCI DSS.
Security Configuration Audit
For clients who require an in-depth and comprehensive review of system security, we conduct security configuration audits, also known as vulnerability assessments, to identify the weak settings within network and security devices, servers, operating systems, databases and infrastructure software.
We provide evidence of insecure configurations and explain the risk level and potential impact of each weakness, along with clear and concise recommended changes.
PCI DSS Security Testing
The Payment Card Industry Data Security Standard (PCI DSS) applies to any organisation that processes, stores or transmits cardholder data. For clients who need to comply with PCI DSS, we have a complete set of security testing and PCI ASV scanning services.
We are a single source for the following services required by PCI DSS: Penetration Testing, Web Application Penetration Testing, quarterly PCI ASV scanning and Security Source Code Review.