
 

Secure Advice can provide expert-level external and internal penetration testing against your exact business requirements. We review your business needs, and ensure that your networks are secure from both internal and external threats. Our experienced consultants will examine your infrastructure and report back on any security weaknesses or exploits which can be secured. At the end of the test, our consultants will review the findings, discuss any remediation advice, and produce a technical report for both management and technical audiences.

We perform these tests using an array of tools, services and experience to provide you with comprehensive results and findings to ensure your information and intellectual assets remain under your control. Examples of our services are listed below.
Web Application Security Testing
Secure Advice's web application security experts employ a combination of automated tests using the latest tools and technology together with manual testing and examination procedures to test across the full spectrum of potential vulnerabilities including the top ten threats identified by the Open Web Application Security Project (OWASP).
Social Engineering Testing
Secure Advice provides expert-level Social Engineering assessments to check for social engineering weaknesses within your people and processes. Full onsite and remote testing is performed by our experienced team.
Firewall Rule Set Policy Review
Ensure that your Firewall is providing the level of protection that you expect with a thorough Secure Advice Firewall Rule Set Policy Review. Our consultants will review your policy and Firewall configurations to ensure they are secure and complete.
Network Device Security Review
Secure Advice can fully assess the configuration of your firewall devices to ensure that they are providing the level of protection that you assume from these important perimeter devices. Our consultants can also review switch and router configurations to ensure correct and secure operation.

 

Secure Advice has full access to a professional Penetration Testing team that can be used to identify vulnerabilities that exist on your internal and external networks. External testing is performed from various Internet data centres, and internal testing is performed from the customer site whilst connected to the customer's network in the same way that an internal attacker would connect.

Whilst it's an important step to ensure that your business is not susceptible to any external threat or exploit, it's also advisable to review internal systems and services to ensure that a business understands the threat of an internal attack and what a common employee may be able to achieve, even inadvertently!
Our Methodology
The Penetration Testing (sometimes referred to as Pen Testing) service consists of five phases. These phases start with the requirements gathering and agreement with the customer and end with Secure Advice presenting the results back to the customer, along with any recommendations for remedial action.

These steps comprise Initial Scoping, Reconnaissance, Assessment, Reporting and Presentation.
Web Application Security Testing
Secure Advice has access to a professional Web Application Security Testing team that can be used to identify vulnerabilities that exist on your web applications and websites. This application testing can be performed remotely for external facing web applications or internally at your premises if the application is an internal application.

This service is designed to ensure that you, as the customer, know exactly how secure your applications and web services are. It's important to understand not only how secure your systems are as part of an attack, but also how secure authenticated users are once inside your application. Secure Advice has a wealth of knowledge and experience in the web application testing and assessment field, and produces reporting for your business at both a managerial and technical level.

Our security testing methodologies are based around the Open Web Application Security Project (OWASP) testing methodologies. The assessment is divided into five phases.

These phases are Initial Scoping, Passive Information Gathering, Vulnerability Testing, Reporting and Presentation

 

Security breaches of corporate IT networks are often thought only to come as a result of a malicious attack from technically competent computer hackers. However, social engineering often plays a large part in helping hackers bypass the initial IT security barriers.

Overly helpful employees lacking security awareness often provide access to corporate offices, restricted areas and IT systems where the hacker has no authorised access.

Our social engineers use techniques and skills to trick legitimate employees and computer users into providing access to restricted areas and the information required to gain access to restricted IT systems. The social engineer will pose as a legitimate employee or third party with false credentials in order to trick legitimate employees and computer users into divulging useful information. This information can be used to break into the corporate IT systems. Social engineering can be performed by many means: by telephone, by forged email or by visits to corporate offices. The security testing methodology used is based around the Open Social Engineering Framework testing methodology.

The assessment is divided into seven steps - Client brief, Intensive job scoping and research to create a threat model, Formulation of bespoke attack scenarios based on client threat modelling, Client debrief, Report Creation and Report presentation

 

A consultant led firewall review provides a thorough examination of the Firewall configuration within your organisation. The configuration of the Firewall is assessed through the rule set and any issues appertaining to the rule set are identified by the examining consultant.

These issues may include problems due to overzealous rules, historic rules, badly configured rules or rules that were added to provide a workaround and should now be removed.

Firewalls have evolved over time and procuring a Firewall review provides you with the peace of mind that your Firewalls are protecting you in the manner that you would expect. The methodology employed for the rule set reviews has been built from years of industry experience in performing firewall rule set reviews and is divided into five basic steps - Client brief, Configuration parsing for supported devices, Configuration analysis, Report creation and Report presentation
Network Device Security Review
The network devices that make up your network are an integral and critical part of your infrastructure. The default configuration of these devices can often lead to vulnerabilities that can be exploited by potential attackers in order to gain a more privileged level of access to your network and resources.

We employ a team of network security specialists up to Cisco CCIE level and other industry standard qualifications who can perform very in-depth configuration and security reviews of all network devices.

These reviews focus on the exact configuration of the network devices such as switches and routers and can provide a great insight into the security of the configuration of such devices. The methodology employed for our network device reviews has been built from years of industry experience in performing network device reviews.

The assessment is divided into five steps - Client brief, Configuration parsing for supported devices, Configuration analysis, Report creation and Report presentation




© 2012 secureadvice.co.uk All rights reserved - The Old Pump House, 1A Stonecross, St Albans, Hertfordshire, AL1 4AA.