Security Audit Services
Our Security Audit Services
Learn More About Our Security Audit Services
Upon completion of the security audit, a detailed report which contains the following information will be provided and presented to you:
- An Executive Summary which contains the vulnerabilities identified over the course of the audit.
- Identified Vulnerability Details which includes technical specifications of the vulnerabilities.
- Actionable Recommendations for the identified vulnerabilities.
- Support References to facilitate the implementation of our recommendations.
- Annexed Information detailing complementary technical information.
- Methodology used during the project to diagnose the vulnerabilities.
Our IT security audit methodologies are based on the industry’s best practices and on the vast experience our experts have gained over the course of hundreds of projects. Here are some of the standards we refer to during our tests:
- LPT (Licensed Penetration Tester methodology from EC-Council)
- OSSTMM (Open Source Security Testing Methodology Manual)
- OWASP (Open Web Application Security Project)
- ISSAF (Information Systems Security Assessment Framework)
- WASC-TC (Web Application Security Consortium Threat Classification)
- PTF (Penetration Testing Framework)
- OISSG (Information Systems Security Assessment Framework)
- NIST SP800-115 (Technical Guide to Information Security Testing and Assessment)
- Planning We work with your team to determine the applications, systems and critical networks to include in the scope of the test.
- Testing Our experts carry out audits using a wide range of methods which include potential target listing, program logic analysis, automated sweep tests, and sophisticated attack scenarios.
- Reports We maintain open communication with your organization to inform you of any critical flaws and present you with a detailed report of vulnerabilities and recommendations.
- Post-test We present the findings of the audit and offer you support, as well as technical advice for implementing the recommendations and fixes to improve your security.
- How long does a project last? The time required to successfully execute a security audit depends on the scope and type of test. To minimize the impact on your daily operations, we ensure that tests are aligned with your schedule and expectations.
- What can you expect in terms of costs? The cost of a security audit is determined by an array of factors: type of test, scope of the project, number of systems and applications concerned as well as number of test phases.
- Is it possible to plan a second test phase after fixes and recommendations have been implemented? Absolutely! Our team of experts will remain available to execute further test phases to verify fixes and patches following the implementations.