HS logo

Contacts IT EN

Assessment Services

  • Description Assessment services consists of a review of vulnerabilities that could be exploited by users to access a system. The assessment goal is to determine the existing implemented security controls. Tests are performed simulating a malicious user attacking your assets, providing only few informations concerning to the application, network and database such as URLs or IP addresses. On request, according to the targets scope and goals, we can attempt to exploit vulnerable systems in order to obtain confidential information, compromise your network perimeter and access a compromised system to gain a "pivot access" to further penetrate your network infrastructure, systems and applications hence to demonstrate the potential impact of a successful compromise.
  • Methodology We operate in accordance with best practice standards and incorporates guidelines from OSSTMM, NIST and OWASP. We also strictly follow your company guidelines, if any.
  • Markets We performs assessments for a wide range of industries such as: Telco, Finance, Insurance, Manufacturing, Education, and Government. Considering the sensitive nature of this job, we provides only a list of ours customer without any detail of the provided services.
  • Ethics In the information security field, ethics is a key driver that must be assured. We follow strict security guidelines and conduct all assessments with deep honesty and integrity. We utilize the current and up-to-date standards whether we are performing an assessment from a remote location or in your offices.
  • Systems and Wired Networks - Web Applications
    Data Base Management Systems - SAP Systems
    aimed at identifying security weaknesses of the application under test, by means of automated tools in the very first stage, followed by a second and in-depth manual testing.
  • Wi-Fi Networks
    aimed at identifying the wifi infrastructure components that can be discovered and accessed due to a weak security mechanisms, as well as the presence of rogue access points, installed by employees or contractors, which do not follow your organization's security policies.
  • Wireless GSM/UMTS (2G/3G) Networks
    aimed at identifying intercept, manipulate, and take advantage of GSM/GPRS/EDGE communications, as GSM (voice and SMS), in order to underlying any vulnerabilities.
  • Mobile Technology (smartphones and tablets)
    Detection of security exposures of employee's mobile devices.
  • Source Code Analysis
    we are able to perform a depth internal review of your application's code, looking for potential security issues relating to its code and design. From authorization and access management to cookies and sessions handling we check any functionalities against the best guidelines and practices.
  • Security Architecture Review
    services aimed at assessing your network or application architecture in order to design a plan which defines the actions and projects to implement to ensure an higher level of security.
  • Internal and External Intrusions
    evaluation of the internal and external security level of a company's information systems by determining the attacking surface an attacker would have at his hand.
  • Security Awareness
    services aimed at assessing your employee in order to evaluate weaknesses, hence address them in the most effective way including design better security policies.
  • Assessment Training
    see the Training Section.