Security audits of IT systems are done to confirm that the infrastructure deployed in the organization fulfils its security requirements and does not contain vulnerabilities that compromise confidentiality, integrity or availability.
Security config review, build review
Config reviews and build reviews are performed on software solutions such as operating systems and services (e.g. HTTP). We verify the security-relevant configuration against benchmarks such as NIST and CIS and against the vendor's recommendations.
Security code review
Vulnerability scans are performed by automated tools, which mostly identify already known security bugs for which they have defined plugins. In the next phase, the identified vulnerabilities are manually verified by our pentesters in order to eliminate false positives.
IT security audit
When an IT security audit is needed, we recommend performing the following: config and build review, penetration testing and, optionally, code review. With a smaller budget, or if a pentest has never been done before, it might be a good idea to start with a vulnerability scan to eliminate low-hanging fruit.