Our consultants have performed a large range of security assessments both in types and in volume. Across many years of added experience, we have delivered security assessment in the form of penetration tests for web application and full infrastructures and we have assessed the physical security I.T. systems for a significant range of organisations. These engagements are what we label active security testing as our consultants effectively attempt to gain unauthorised access to the elements under assessment.
We have also delivered a large range of design and/or implementation reviews that allowed our customers to gain full visibility of the security of the systems and solutions assessed.
For both approaches, we have made a name for ourselves for the output we present as our consultants go above and beyond simply reporting issues and make a point to offer detailed ways to resolve the problems and ensure the actions that should follow from a security assessment are effectively initiated.
We like to believe that a security assessment is more than a mandatory activity that needs to be performed before an implementation project can be closed off. As such, we really make an effort to insert our reporting activities into either our customers' risk management or audit practice when it is appropriate or our customer's I.T. operations practice as a way to improve the status quo for existing solutions.
We cannot stress enough our belief that the quality of reporting for a security assessment is the main elements that allows our customers to receive value out of an assessment. As a consequence to this belief, we have developped a strong reporting practice and often produce a set of reports that are aimed at either a technical or a business audience.
We can only disclose a very small subset of our work in this space but please take a look at the following case studies for an overview of our security assessment work: