Security Audits

More Security with Audits

A security audit is a review of applications with a focus on information and IT security. It identifies the threat level of your company and offers a realistic risk analysis. Audits help to increase your security level and protect you against damage such as data loss and the resulting legal consequences or negative publicity. Audits can be categorised by their procedure and their goal.

  • Identify vulnerabilities and risks
  • Evaluate countermeasures
  • Increase your security
  • Reduce damages and costs

Overview

  • The most common distinction is between blackbox and whitebox tests. A blackbox test is an audit in which the penetration tester receives no additional information. In contrast, during a whitebox test, the tester might be given information about the target, its configuration, or details about access management, rules or IP addresses. The latter usually results in a more detailed test that covers more points and gives a more extensive security analysis.
  • Audits can also be focused or unfocused. Focused audits concentrate on specific aspects of security. Consider a web application audit, which might focus on database issues. Unfocused audits are sometimes called complete and cover a wider range of problems.
  • An infrastructure might be tested and reviewed from outside (external) or from inside (internal) a company's network. In order to have a comprehensive result, we recommend a combination of both.

Phases of a Security Audit

A typical audit consists of multiple steps. These steps might differ from audit to audit, but in general they are as follows:

  • During the preparation phase, the details of the audit are evaluated. For instance, we clarify which type of audit is best and which target is affected.
  • During the information gathering phase one collects as much information and details about the target as possible. This includes technical details as well as mail addresses or social information that might help to compromise security.
  • After gathering details about the target, the information is analyzed for its security impact. After prior agreement with the client, the identified vulnerabilities might be verified via direct attacks.
  • Every audit ends with a detailed report that summarizes identified vulnerabilities, their impact on the security state as well as corresponding mitigation strategies. In addition to that, the highlights of the report might be presented in front of an audience.

Our Claim

  • Individual Services
  • Immediate Feedback for Critical Findings
  • Audits by Certified Experts
  • Total Integrity and Confidentiality
  • Regular Reports for Constant Overview