SECURITY TESTING

All our security testing is split into the following phases: introduction, testing, delivery and after care. You will be assigned a consultant who will send an introductory email with all the relevant contact details and source IP addresses

MOBILE APPLICATION TESTING

Testing of a mobile application will broadly follow the same steps as an OWASP application test. We will always begin the process by understanding how the application works and what it does. As the techniques and languages used to write the applications vary for each platform, it is vital that each application is treated as a separate application and tested independently.

We will assess the security of the mobile application, looking at how it handles and stores data, how it transmits data and whether it manages sessions properly. Testing will be done from an unauthenticated and an authenticated perspective.

The testing approach can roughly be broken down into four areas:

Application mapping
Client attacks
Network attacks
Server attacks

WIRELESS TESTING

Most organisations use wireless in some way, even if it’s just for guest use. This presents a threat to the organisation as the WiFi network is often accessible outside the building and also numerous devices are able to connect to it.

Our Wireless Testing offering will assess the configuration and deployment of your WiFi network from an unauthorized, authorized and a configuration perspective.

See below for the sort of issues our consultants would be looking for during a Wireless Testing engagement. We cannot provide a full list as it completely depends on what the company does, what systems are in use.

What encryption is in use
Access restrictions
SSID broadcast
Access points patching
Physical location of access points
Configuration and restrictions imposed on access points
Rogue Access Points identification

BUILD REVIEW

Most organisations have more desktops than any other device therefore they all need to be built, managed and configured in a secure way. If there is a security issue on one desktop, it is likely it exists on all of them, therefore getting a gold build standard in place can be an easy win for security in an organisation as the security of the entire estate can be improved dramatically.

We will conduct a review of a sample of desktops with a view to providing you with a detailed list of remediation steps that can be easily incorporated into your organisations secure build policy.

During the Build Review, the types of issues we will look at includes but is not limited to:

OS Patching

Is the operating system up to date, is it being maintained, are there any critical patches missing

Application Patching

Are the applications installed on top of the operating system patched

Local Admin

Is the local admin user account in use, how secure is it

Antivirus

Does the workstation have AV installed, is it configured correctly, how often does it scan the machine

BIOS Settings

Can the user access the Bios, can they change the boot order, can they boot the system from a USB stick or a CD

User Rights

Is the user able to change settings, are they able to access command lines, can they install applications

Unnecessary Applications

Applications are often installed by default but more often than not users do not need them and they introduce risk to the organisation

CYBER ESSENTIALS

Developed by the UK Government, Cyber Essentials is an industry supported certification scheme. We can help you with both Cyber Essentials and Cyber Essentials Plus.

Cyber attacks are on the increase and every company is a potential target. Cyber Essentials certification allows the organisation to provide evidence to its customers that they take data security seriously and their systems and the data it holds is robust.

Enables an organisation to identify risks and put adequate controls in place to manage or reduce them
Enables an organisation to protect commercially sensitive data
It is a mandatory requirement for all public service contracts and Government suppliers
Demonstrates an organisations compliance to a level that is endorsed by UK Government
Demonstrates the organisations commitment to security and safeguarding data
Provides an organisation with a competitive advantage, especially against your competitors without accreditation
Meets the new GDPR requirements.

PHISHING ENGAGEMENT

Our Phishing engagements include a bespoke, customised website and a crafted set of emails which will be distributed over a defined period of time. We will work with you on creating the most effective and realistic campaign and once the project has completed, you will receive a detailed report of the findings. Once you have the report, one of our consultants will come onsite and deliver a Security Awareness Training day to educate your users. This can be delivered to an audience of your choice.

SCADA TESTING

Our partners have the infrastructure and the expertise to manage the security operations of Critical National Infrastructure Organisations.

We will conduct a detailed assessment of your SCADA/ICS environment to ensure they are as robust as possible.

CLIENT TESTIMONIALS - VIEW ALL

"Staddon consulting have been GoCompare’s trusted partner for over six years. Their friendly and approachable manner has made it easy for us to develop a very good relationship with them. I know we can trust them to do an excellent job and they are extremely flexible. Donna goes above and beyond to make sure everything runs smoothly and that's one of the reasons we have stayed with them. I would highly recommend Donna and her team to anyone who needs help with their Cyber Security"

David Trouse

Data Protection Officer - GoCompare

"Donna at Staddon Consulting has been brilliant in our exercise of achieving PCI Level 1 compliance for our eCommerce platform, bluCommerce. We knew from the beginning that this would be a complex and challenging project both technically and operationally, and she expertly helped co-ordinate the key steps in gaining full PCI accreditation. The project as a result flowed extremely smoothly and we achieved our goal ahead of schedule!"

Chris Mattingly

co-founder & Director - blubolt

"I have been working with Staddon Consulting for the last 7 years, mostly on security solutions suitable for use in our medium sized business with around 150 staff. As a Housing Association and a registered charity we need to ensure we have effective solutions but also obtain very good value for money. Staddon Consulting have always been able to suggest a number of solutions, arrange demonstrations and help us to select solutions that meet our requirements as well as providing help and advice relating to the ongoing use of the solutions. I would happily recommend Staddon Consulting to anyone who needs help with their Cyber Security"

James Osborne

Head of IT - Two Rivers Housing

"Hertsmere were looking for a way to tackle staff awareness about Phishing scams and approached Staddon Consulting, who we had previously worked with on our IT Health check over a number of years. They suggested a simulated phishing attack followed by a presentation to staff on security through the eyes of a hacker which was punchy, engaging and very well received. They are extremely approachable and always come up with the right solution to meet our needs. I would highly recommend Staddon Consulting without hesitation"

David Casling

Infrastructure and Technical Security Team Leader - Hertsmere Borough Council

"We have worked with Staddon Consulting for several years, where they have supported us with various security assessments. My team and I have always found them to be extremely flexible in their approach, easy to engage with and are viewed as a trusted and reliable security partner.
They have been able to offer several services from various accredited suppliers, enabling us to rotate suppliers in line with best practice, whilst maintaining a relationship with one Account Manager. We look forward to continuing to work with them in the future."

Richard Strange

Director of Transformation-IT - Aster Group

"Staddon Consulting were brilliant from start to finish. We worked with them on a detailed security assessment of a business critical application and cannot fault the professionalism and service. The reports were extremely detailed and thorough, and the support and advice we received throughout the process was excellent. I would have no hesitation recommending Staddon Consulting"

Scott McDougall

Director - The Independent Pharmacy

"Staddon consulting help us source accredited PEN testing partners for our enterprise clients, their knowledge of the security industry helps us provide our clients with the testing solutions to fit their requirements. We look forward to using Staddon Consulting in the future as our preferred security partner"

Phillip Davies

Director - Element Studio Ltd

"IMServ have used Staddon Consulting for over 4 years as a trusted supplier of various IT security services. We find them to be prompt, trustworthy, flexible and personable – but most importantly they take the time to understand our needs as a customer.
Having a single point of contact who uses this understanding to leverage the most appropriate products and services to support our business is a key differentiator for us."

Morgan Rogers

IT Director - IMServ Europe

"4 Digital produce complex websites and online systems/portals that require extensive security tests. Staddon Consulting have been our go-to company for many years….we depend on Donna for the right advice and solutions and she always delivers! She’s our first port of call and I’d recommend you do the same."

Andy Stanton

Managing Director - 4 Digital Ltd

"As a B2B cloud solution, Jazoodle understands that you cannot compromise the security of its systems. Staddon Consulting were recommended as we needed a full security audit prior to the launch of our solution. I have been very impressed both by the standard of work undertaken by Donna and her team, as well as their professionalism and sheer depth of knowledge. Their report and recommendations were very thorough and gave us the insight and knowledge that we acted upon to ensure our clients’ peace of mind. We will be using Staddon consulting as a matter of course for all future changes and periodic audits"