SECURITY AUDIT

There are different ways to approach an IT security audit or “ethical hacking” of an organization’s assets. Wardsec uses internationally recognized security review methodologies such as OSSTMM, NIST SP 800-115, OWASP and OWISAM to ensure the security of our clients’ assets.

At Wardsec we have unified information cybersecurity services and intelligence solutions to build our portfolio of professional solutions.

Our differentiating factors are our high degree of specialization, the technical quality of our team and our high investment in R&D, which keeps us up to date with cutting-edge security techniques for reducing the risk of computer attacks.

Approaches to audits

Types of audits

Depending on your needs, a security review can be done with a security audit or penetration test approach. These terms are often used interchangeably, although a security audit focuses on identifying and analyzing the theoretical impact of vulnerabilities on a system, while an intrusion test is somewhat more complete and includes verification, on the affected system, of the real impact of the detected vulnerabilities. Wardsec makes use of security metrics such as CVSS to classify the impact of vulnerabilities and conducts audits according to two different points of view:

Black Box

The “black box” is the security audit, or penetration test, in which the auditor does not have knowledge of the underlying technological infrastructure.

This security review is ideal for simulating attacks carried out by personnel outside the organization and for determining the level of exposure to an attack. In this type of security review, the team of auditors is not given user accounts in advance with which to interact with the applications to be analyzed.

The team of analysts should collect information about the platform in this type of work, in order to propose the most plausible attack scenarios.

White Box

It’s a more thorough security audit. In it, technical information on the assets to be audited is provided, including, depending on the assets analyzed, information such as users, passwords and existing security mechanisms.

With this approach, the auditor does not need to dedicate extra effort to searching for information and can focus on the elements that are critical to the business.

This review is complementary to a black box security review, and can be carried out after the previous one. The objective of this review is to shield a platform against more sophisticated attacks, against an attacker who has greater resources or to provide the platform with greater protection due to the criticality of the information it manages.

Audits

Main types of security audits

The computer security audits performed by Wardsec’s team of cybersecurity specialists are offered in different modalities: closed project, block of hours and recurring services.

Web Audit

Its objective is to achieve the protection of web portals and applications by simulating real attacks. Web application auditing also analyzes vulnerabilities associated with application technology, infrastructure, and logic.

ECommerce audit

It improves the confidentiality and availability of the e-commerce platform and helps reduce the risk of fraud and risks to payment data (PCI DSS).

Internal intrusion test

Identification of weaknesses and access routes to confidential information within the company’s systems. This penetration testing work helps to identify areas for improvement in the security of Active Directory and internal servers.

Perimeter security review

Analysis of the external perimeter of the organization, analyzing the exposed services (web portals, mail, DNS …) and the applications.

Wi-Fi Audit

Review of the deployment and security of the Wi-Fi infrastructure in enterprise networks and captive portals. Analysis of coverage and triangulation of devices and access points.

Microsoft Windows platform audit

Analysis of the Active Directory infrastructure, security policies, configuration of servers and workstations, as well as preparation of secure configuration guides.

Linux and Unix Systems

Study of the security mechanisms implemented in the systems, their weaknesses and areas for improvement.

Hardware hacking

Security audit of hardware devices (communications routers, cable modems, embedded devices, alarms, IoT devices).

Mobile app audit

Security tests on Android and iOS mobile applications and mobile application code auditing to analyze the storage, transmission and processing of data by the applications.

“More than 10 years providing the best security audit services”

Other Services

In addition to conventional security reviews, Wardsec offers tailored services, such as cyber exercises and code audits, and has specific departments that lead the following services:

Red Team

Specialized 24/7 team that simulates sponsored computer attacks against your company, in order to detect weak points in your security model and train the defensive team.

Bug Bounty

Managed program that rewards researchers for identifying security flaws.