Networks and systems security auditing
Information security management requires regular testing of the security of systems and infrastructure. Security audits and penetration tests are used to perform this regular testing.
It is possible to test individual systems or a whole network. Usually, adherence to the various parts covered by the normative appendix A of the ISO27001:2015 standard is tested.
Our services include both security audits and black-box penetration testing. We are developing custom software that aggregates the output of multiple scanners and analytic tools. This aggregated view gives a better overview of the security of the tested systems.
Penetration testing methodologies
We perform penetration testing drawing on our long-time experience and on our own methodologies, which are based on generally accepted and peer-reviewed sources:
- OSSTMM – Open Source Security Testing Methodology Manual, version 3. OSSTMM is a peer-reviewed methodology from the ISECOM organization, used for performing penetration testing and evaluating the test results. This methodology defines basic categories which aggregate testing of information and data control, security awareness, fraud and social engineering defences, computer and telecommunication networks, wireless and mobile devices, physical security, security processes, physical security and perimeters. More information about the methodology can be found at: http://www.isecom.org/osstmm/.
- OWASP – Open Web Application Security Project – is a community of security enthusiasts founded as a supporting organization for anyone interested in secure application development, deployment and maintenance. Its goals include helping to create software that is not only functional but also adheres to security standards for both availability and data security. It is an open methodology and more information can be found at: http://www.owasp.org/.