Security audits

Security audits organised by certified experts

What is a security audit?

Security audits complement penetration tests because they add an additional layer of assessment on technical aspects such as the source code, system and network configuration, and other documentation that attackers do not usually have access to. These services make it possible to discover security loopholes that have strong and lasting impacts but are difficult to identify in “black box” mode.


Request more information via our wizard


The results of these services allow SSL247® to provide you with specific recommendations (and a corrective patch for a source code audit, for example, if required), and give you information on the state of your tested applications, system and network security.


SSL247® offers the following security audits:


300x200

Configuration Review

An extensive security audit of switches, routers and other critical devices on your network.

Read more

300x200

Source Code Review

The most comprehensive audit to identify vulnerabilities in the code of your application.

Read more

300x200

Security Architecture Review

An audit to identify the strengths and weaknesses of your information system’s architecture and security.

Read more


Which solution is best for your organisation ?

Our PenTesters designed a questionnaire to determine the best security solution for you.




Security audits proposed by SSL247®



Configuration review


What is a configuration review?


A configuration review assess the security of one or several specific devices on your network and how they are configured/integrated.


Why carry out a configuration review?


Our specialised consultants will aim to identify any differences between the security configuration of your components (such as the server, workstation, database, specific applications, etc.) and existing security best practices.

This review covers the following:

42x42

Targeted and comprehensive identification of inconsistencies and faults that expose the platform to a security risk.

42x42

Identification of weaknesses and assessment of the associated risks (such as the risk and safety impact or attack complexity).

42x42

Creation of a remediation plan to upgrade the security level and configuration of components, including precise and targeted proposals tailored to your needs.

The different steps of a configuration review
 

The methodology of a configuration review can be adapted to any type of environment, including: servers/workstations (Windows, Unix, etc.), database servers, application servers, network equipment (filtering rules), telephone equipment (PABX, IPBX, SVI...), and mobile terminals. Our consultants are able to produce security enhancement guides and provide your teams with resources enabling them to employ best practice methods on any type of technology mastered by SSL247®.

We can also develop regular verification scripts ("compliance checks") that cover a broad scope and ensure the security of your configurations in the long run.

Our configuration reviews will provide you with a full range of implications to your business (from management procedures to technical implementation).

The service is divided into two phases:

  • Phase 1: Understanding the context and usefulness of each element
  1. This provides an overall understanding for the auditor and thus provides context-specific results.
  2. This phase can include the analysis of documentation and interviews with technical teams for a more comprehensive review.
  • Phase 2: Vulnerability analysis: All equipment services are verified and each configuration element is analysed
  1. Updates for each service are systematically verified.
  2. Particular attention will be paid to all security mechanisms, whether in action or not (data encryption, analysis of the anti-virus system, etc.).

Source Code Review


What is a source code review?


A source code review is the most comprehensive service that can be conducted on an application, as it can fully detect the vulnerabilities affecting any application by examining the source code.

Why carry out a source code review?



42x42
Prerequisites

This type of review requires the provision of the source code itself and additional related documentation. Interviews with developers and architects can also be conducted for a more comprehensive review.

42x42
Extensive application research

A source code review makes it possible to go beyond the vulnerabilities that are detectable in a black box mode test (notably during an application penetration test). This is because a source code review can find weak points within the internal mechanisms, such as the lack of encryption and best practices in development, as well as weaknesses in authentication, traceability and logging processes. Being able to detect and correct these weaknesses can significantly increase the overall level of security of your application.

42x42
Regulation Compliance

If necessary, we are also able to validate compliance with the regulations in force (rules imposed by PCI-DSS [encryption, etc.], requirements of the regulatory authorities, compliance with legal requirements for public websites...).

42x42
Complementary Penetration Tests

With this type of review, we can perform a complementary application penetration test in order to combine the two approaches and obtain the most comprehensive results possible.


Security Architecture Review


What is a security architecture review?


This technical review involves an accelerated analysis of the targeted technical architecture, based on the information and elements provided. It does not cover the use of technical controls on systems, but takes into account technical hotspots and the initial action plan procedures.

Why carry out a security architecture review?


This review is composed of :

42x42

Identification of needs and analysis of the existing situation: This is usually carried out through interviews with business, technical (production and engineering) and organisational (safety) teams. These meetings will establish the requirements of each department that can then be analysed against the security design and existing protection mechanisms.

42x42

Inventory of results: Analysis of the test results (including penetration tests) and identification of the major risks associated with the current architecture.

42x42

Presentation of best practices and feedback covering: organisation (process, strategy), operation, administration and architecture, documentation and procedures.


Detailed and comprehensive reports

Our reports are much more than a simple list of vulnerabilities generated with an automated tool. From the methodology and strategies employed to the traces of information, our reports provide as much information as possible, enabling your teams to understand and replicate the exploitation or verification of all identified vulnerabilities.

  

Livrable_testd'intrusionSSL247

This service may also interest you:



60x60
Penetration testing

Read more


130x90
Social Engineering

Read more


130x90
Red Team Services

Read more


130x90
Incident Response

Read more


Why choose SSL247®?

SSL247® has over 12 years of experience and expertise in the web security industry and numerous accreditations such as the EMEA Symantec Champion Award 2017 and the certification ISO 27001:2013.

n addition, our in-house team, specialised in security evaluation, penetration testing and security audits, is composed of certified and recognised experts in the field of security, and hold qualifications such as: OSCP, OSCE and OPST


Get in touch

For more information on how our Security Audit can benefit your business, get in touch with one of our friendly accredited consultants for no obligation discussion:

+44 (0) 204 519 2097
sales@ssl247.ae