SECURITY TESTING

All our security testing is split into the following phases: introduction, testing, delivery and aftercare. You will be assigned a consultant who will send an introductory email with all the relevant contact details and source IP addresses.

MOBILE APPLICATION TESTING

Testing of a mobile application will broadly follow the same steps as an OWASP application test. We will always begin the process by understanding how the application works and what it does. As the techniques and languages used to write the applications vary for each platform, it is vital that each application is treated as a separate application and tested independently.

We will assess the security of the mobile application, looking at how it handles and stores data, how it transmits data and whether it manages sessions properly. Testing will be done from an unauthenticated and an authenticated perspective.

The testing approach can roughly be broken down into four areas:

  • Application mapping
  • Client attacks
  • Network attacks
  • Server attacks

Contact us

WIRELESS TESTING

Most organisations use wireless in some way, even if it’s just for guest use. This presents a threat to the organisation, as the WiFi network is often accessible from outside the building and numerous devices are able to connect to it.

Our Wireless Testing offering will assess the configuration and deployment of your WiFi network from an unauthorised, an authorised and a configuration perspective.

See below for the sort of issues our consultants would be looking for during a Wireless Testing engagement. We cannot provide a full list, as it depends entirely on what the company does and what systems are in use.

  • What encryption is in use
  • Access restrictions
  • SSID broadcast
  • Access points patching
  • Physical location of access points
  • Configuration and restrictions imposed on access points
  • Rogue Access Points identification

BUILD REVIEW

Most organisations have more desktops than any other device, so they all need to be built, managed and configured in a secure way. If there is a security issue on one desktop, it is likely that it exists on all of them. Getting a gold build standard in place can therefore be an easy win for security in an organisation, as the security of the entire estate can be improved dramatically.

We will conduct a review of a sample of desktops with a view to providing you with a detailed list of remediation steps that can be easily incorporated into your organisation's secure build policy.

During the Build Review, the types of issues we will look at include, but are not limited to:

OS Patching

Is the operating system up to date? Is it being maintained? Are there any critical patches missing?

Application Patching

Are the applications installed on top of the operating system patched?

Local Admin

Is the local admin user account in use? How secure is it?

Antivirus

Does the workstation have AV installed? Is it configured correctly? How often does it scan the machine?

BIOS Settings

Can the user access the BIOS? Can they change the boot order? Can they boot the system from a USB stick or a CD?

User Rights

Is the user able to change settings? Are they able to access command lines? Can they install applications?

Unnecessary Applications

Applications are often installed by default, but more often than not users do not need them, and they introduce risk to the organisation.

CYBER ESSENTIALS

Developed by the UK Government, Cyber Essentials is an industry-supported certification scheme. We can help you with both Cyber Essentials and Cyber Essentials Plus.

Cyber attacks are on the increase and every company is a potential target. Cyber Essentials certification allows an organisation to provide evidence to its customers that it takes data security seriously and that its systems, and the data they hold, are robust.

  • Enables an organisation to identify risks and put adequate controls in place to manage or reduce them
  • Enables an organisation to protect commercially sensitive data
  • It is a mandatory requirement for all public service contracts and Government suppliers
  • Demonstrates an organisation's compliance to a level that is endorsed by UK Government
  • Demonstrates the organisation's commitment to security and safeguarding data
  • Provides an organisation with a competitive advantage, especially against competitors without accreditation
  • Meets the new GDPR requirements

PHISHING ENGAGEMENT

Our Phishing engagements include a bespoke, customised website and a crafted set of emails which will be distributed over a defined period of time. We will work with you on creating the most effective and realistic campaign and once the project has completed, you will receive a detailed report of the findings. Once you have the report, one of our consultants will come onsite and deliver a Security Awareness Training day to educate your users. This can be delivered to an audience of your choice.

SCADA TESTING

Our partners have the infrastructure and the expertise to manage the security operations of Critical National Infrastructure Organisations.

We will conduct a detailed assessment of your SCADA/ICS environment to ensure it is as robust as possible.
