Network Security Assessments
External Assessment - Through vulnerability assessment and/or penetration testing performed from an outsider's perspective (usually across the internet), identifies publicly accessible vulnerabilities and determine what information is available to hackers.
Internal Assessment - Performed from inside the network to determine how much information an employee or contractor can acquire without detection.
Wireless Assessment - Assesses the security of an authorized wireless network while identifying rogue access points, mapping an area's wireless activity and highlighting signal leakage.
Mobile Application Security Assessment - Evaluates overall mobile infrastructure using tests to assess the security of all mobile devices (iPhone, Android, tablets, etc) and applications to determine their susceptibility to data breaches as well as any gaps between current policies, procedures and best known practices.
Dial-Up Assessment - Identifies unauthorized modems that could allow remote access and tests known modems for security weaknesses.
Web Application Security Assessment - Uses an in-depth probing to fully test access controls in order to find configuration deficiencies and security vulnerabilities. Common web application exploits often include SQL injections, cross-site scripting, request forgeries, directory transversals, buffer overflow checks and 'remote file includes' in PHP.
- Web Application Security Assessment Case Study for Acushnet Company, home of the Titleist, FootJoy and Pinnacle golf brands.
Social Engineering Assessment - Using means such as lies, impersonation, and subversive access attempts to test the strength of existing policies, staff training, and technical controls. Physical security review identifies areas of security risk around and within the facility and examines processes for gaining physical access to restricted locations.