Security Audits
We perform a broad scope of technical audits related to cybersecurity – security testing, vulnerability assessment, vulnerability scans, configuration audits and source code reviews.
Our team found and responsibly disclosed multiple vulnerabilities in high-profile software from major vendors such as:
Security audits of IT systems are done to confirm that the infrastructure deployed in the organization fulfils security requirements and does not contain security vulnerabilities that compromise confidentiality, integrity or availability.
Config reviews and build reviews are performed on software solutions such as operating systems and services (e.g. HTTP). We verify the security of the configuration against benchmarks such as NIST and CIS and against recommendations from the vendor.
Source code audits may be connected with a whitebox pentest or be delivered as a separate service. The code is verified for security vulnerabilities. The analysis is performed manually with aid from automated tools and custom scripting. We have experience in reviewing applications written in, among others, Bash/C/C++/Java/JavaScript/.NET/PHP/Python/Ruby.
Vulnerability scans are performed by automated tools, which identify mostly already known security bugs for which they have defined plugins. In the next phase, the identified vulnerabilities are manually verified by our pentesters in order to eliminate false positives.
When conducting an IT security audit, we recommend performing the following: config and build review, penetration testing and optionally code review. In case of a smaller budget, or if a pentest was never done before, it might be a good idea to start with a vulnerability scan to eliminate low-hanging fruit.
We perform security evaluations of work from home (WfH) setups. On the user/employee side, system build reviews and configuration reviews can be performed. Additionally, applications used for conference calls, messaging, VPN clients and all other typical apps used in a remote work scenario can be assessed. On the employer side, we can test the security posture of external infrastructure responsible for granting remote access, e.g. VPN servers.
We deliver advanced technical consulting services covering multiple aspects of cybersecurity, from red team to blue team. Thanks to diverse experience in IT security, we are able to take a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed by certificates, publications, advisories and references from our customers.
Security testing of IT/OT/IoT/SCADA. Verification of security for both infrastructure and applications including web, mobile and client-server.
Real-life attack simulations ranging from technical aspects and social engineering to physical security. We perform Advanced Persistent Threat (APT) simulations.
Audits covering a broad scope, including procedures, software architecture, source code audits, configuration reviews and vulnerability assessment.
Searching for active cyber threats: proactive digital forensics aimed at detecting attackers in the organisation. The service is delivered as a form of constant monitoring and as a last line of SOC.
Criminal forensics: securing digital evidence, analysing traces of activity, digital forensics, log analysis, events, RAM analysis. Additionally, secure data removal.
Wide experience in identifying security vulnerabilities in popular software. We are able to conduct targeted security research for both software and IT/OT/IoT devices.