Testing of a mobile application will broadly follow the same steps as an OWASP application test. We will always begin the process by understanding how the application works and what it does. As the techniques and languages used to write the applications vary for each platform, it is vital that each application is treated as a separate application and tested independently.
We will assess the security of the mobile application, looking at how it handles and stores data, how it transmits data and whether it manages sessions properly. Testing will be done from an unauthenticated and an authenticated perspective.
The testing approach can roughly be broken down into four areas:
Most organisations use wireless in some way, even if it’s just for guest use. This presents a threat to the organisation, as the WiFi network is often accessible outside the building and numerous devices are able to connect to it.
Our Wireless Testing offering will assess the configuration and deployment of your WiFi network from an unauthorised, an authorised and a configuration perspective.
See below for the sort of issues our consultants would be looking for during a Wireless Testing engagement. We cannot provide a full list, as it depends entirely on what the company does and what systems are in use.
Most organisations have more desktops than any other device, so they all need to be built, managed and configured in a secure way. If there is a security issue on one desktop, it is likely that it exists on all of them. Getting a gold build standard in place can therefore be an easy win, as the security of the entire estate can be improved dramatically.
We will conduct a review of a sample of desktops with a view to providing you with a detailed list of remediation steps that can be easily incorporated into your organisation's secure build policy.
Is the operating system up to date? Is it being maintained? Are there any critical patches missing?
Are the applications installed on top of the operating system patched?
Is the local admin user account in use? How secure is it?
Does the workstation have AV installed? Is it configured correctly? How often does it scan the machine?
Can the user access the BIOS? Can they change the boot order? Can they boot the system from a USB stick or a CD?
Is the user able to change settings? Are they able to access command lines? Can they install applications?
Applications are often installed by default, but more often than not users do not need them and they introduce risk to the organisation.
Developed by the UK Government, Cyber Essentials is an industry supported certification scheme. We can help you with both Cyber Essentials and Cyber Essentials Plus.
Cyber attacks are on the increase and every company is a potential target. Cyber Essentials certification allows the organisation to provide evidence to its customers that it takes data security seriously and that its systems and the data they hold are robust.
Our Phishing engagements include a bespoke, customised website and a crafted set of emails which will be distributed over a defined period of time. We will work with you on creating the most effective and realistic campaign and, once the project is complete, you will receive a detailed report of the findings. Once you have the report, one of our consultants will come onsite and deliver a Security Awareness Training day to educate your users. This can be delivered to an audience of your choice.
Our partners have the infrastructure and the expertise to manage the security operations of Critical National Infrastructure Organisations.
We will conduct a detailed assessment of your SCADA/ICS environment to ensure it is as robust as possible.