Audit & Penetration Testing

Our audit service is extensive and includes reviewing network and web applications, wireless networks, physical security and social engineering.

It is a comprehensive set of procedures and techniques to fully review your target environment.

Our long standing client relationships are based on our ability to deliver comprehensive audits and accurate advice. Our Audit & Penetration Test Services include:

Vulnerability Assessments. Our vulnerability assessment service is an excellent starting point for determining where infrastructure vulnerabilities lie. Less intensive than penetration testing, our extensive test platform is used periodically (to suit) to identify weaknesses. Our assessment service can be used both internally and externally to give complete coverage.

Application Penetration Test. A comprehensive penetration test on web applications and related or supporting infratrstructure. The security of web applications is paramount as they often provide direct, trusted access to confidential customer and business data.

Network Penetration Test. Performed on internal and external networks, this exercise provides a full review of core networks, supporting operating systems and related middleware. Network penetration testing is especially useful when locating vulnerabilities in firewalls, routers and network configuration.

Wireless Penetration Test. A very useful excercise that is increasingly being included as an integral part of various compliance programmes. The accessibility of wireless networks can create serious issues for organisations that do not adequately secure the supporting configuration.

Physical Security Audit. Physical security controls to sources of sensitive data is often overlooked. Often tying in with our social engineering service, we attempt to review (and circumvent) physical controls at offices and data centres to gain network access.

Social Engineering. All manner of techniques are employed to gain unofficial access to networks. Our audit team will pose in a variety of guises, using a variety of communication mediums to gather intelligence and credentials to your network. This excercise really does test the security controls of your organisation and awareness and vigilance of your staff.

Strategy & ISO 27001 reviews. Performing technical vulnerability assessments and audits are obviously very useful. However, many organisations need to create an overall strategy to tie up why they are performing these exercises. What [data] are we trying to protect? How does security meet our obligations as a business? What are our trading partners, third parties or regulators expecting from us? These are all valid questions that might need answering before a cohesive security programme can be created.

Featured service...

Featured Client

Our PCI policy pack is a detailed, suite of documents that has been developed by our experienced QSA team.

Additional Information

  • Comprehensive range of audits to suit all types of organisation.
  • Delivered to a wide range of customers across the world.
  • Emphasis is placed on customers understanding our recommendations and being able to act on them.  
  • We often work on a periodic programme basis - ensuring clients continually improve security.
  • All testing is non destructive. Every attempt is made to minimise disruption to your networks that we test.

Feel free to contact us to discuss any aspect of your security or compliance programme.


© 2010 Ambersail Ltd