Security Audit

Security Audits

We perform a broad scope of technical audits related to cybersecuritysecurity testing, vulnerability assessment, vulnerability scans, configuration audits and source code reviews.

Cybersecurity audit

Security audits of IT systems are done to confirm, that the infrastructure deployed in the organization fulfils security requirements and does not contain security vulnerabilities compromising the confidentiality, integrity or availability.

Security config review, build review

Config reviews and build reviews are performed on software solutions such as operating systems, services (e.g. HTTP). We verify the configuration in relation to security based on benchmarks such as NIST, CIS and recommendations from the vendor.

Security code review

Source code audits may be connected with a whitebox pentest or be delivered as a separate service. The code is verified for security vulnerabilities. The analysis is performed manually with aid from automated tools and custom scripting. We have experience in reviewing applications written in i.a. Bash/C/C++/Java/JavaScript/.NET/PHP/Python/Ruby.

Vulnerability scans

Vulnerability scans are performed by automated tools, which identifies mostly already known security bugs, for which it has defined plugins. In the next phase identified vulnerabilities are manually verified by our pentesters in order to eliminate false positives.

IT security audit

When in need of conducting it security audit we recommend to perform the following: config and build review, penetration testing and optionally code review. In case of a smaller budget or if a pentest was never done before it might be a good idea to start with a vulnerability scan to eliminate low hanging fruits.

Software engineering consulting

We support companies during the software development process on both architecture and implementation levels with the following services:

  • threat modeling for the customer software solution,
  • implementation and review of processes such as Secure SDLC (a process which aims to help improve the general state of software security in the stage of architecture and implementation) or DevSecOps (process which introduces security in a standard DevOps model).

Security audits of IT systems are done to confirm, that the infrastructure deployed in the organization fulfils security requirements.

Explore Our Offer

We deliver advanced technical consulting services covering multiple aspects of cybersecurity from red team to blue team. Thanks to a diverse experience in IT security we are able to look at a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed with certificates, publications, advisories and references from our customers.