Information Technology (IT) Audit Services

Penetration Testing Audit

A penetration test, occasionally called a pentest, is a method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats, in order to find flaws, misconfigurations, and vulnerabilities in an ethical and systematic manner. Our security auditors apply security testing methodologies such as the Open Web Application Security Project (OWASP), the Information Systems Security Assessment Framework (ISSAF), and the Open Source Security Testing Methodology Manual (OSSTMM).

Simulating a hacker attacking the system:

– Black Box Testing (Black-box): Assumes that the hacker does not know the enterprise’s system information (no prior knowledge of the client’s network architecture, detection capabilities, or control processes) and conducts attacks on the components of the system.

– White Box Testing (White-box): Assumes that the hacker has full system information, such as system diagrams and lists of applications and operating systems.

– Gray Box Testing (Gray-box): Assumes that the hacker has a user account and conducts attacks on the system as an employee of the business.

Vulnerability Assessment Audit

Auditors use automated software to scan the system for publicly known vulnerabilities. Vulnerability scanners can scan networks and websites for up to thousands of different security risks, produce a prioritized list of vulnerabilities, and give steps on how to remediate them.

Security Configuration

Assess device configuration against the CIS Security Benchmark. Services include surveying and assessing the following configurations:

  • The system/network model
  • Basic network devices (routers, switches, …)
  • Devices and network security software (Firewall, IPS, VPN systems, …)
  • Security policies