This document discusses security assessment services including penetration testing, code reviews, security awareness training, and infrastructure hardening. It outlines different testing approaches like black box and white box testing as well as mobile application testing, reverse engineering, and infrastructure assessments. The focus is on securing software development through practices like secure development lifecycles, training, and verification testing as well as securing infrastructure and monitoring systems. Manual and automated testing methods are combined for comprehensive security evaluations.
11. Penetration testing
Black Box Testing
Only publicly available information
Closest to real-world attack scenario
White Box Testing
Access to internal information
Code
Architecture diagrams
A real attacker normally does not have access to this information
Both approaches combined provide the most accurate results.
13. Secure software
Secure Development Lifecycle (SDLC)
Create robust and secure software
Security guidance throughout the development process (Construction, Governance, Verification & Deployment)
Training and knowledge transfer
Verification (penetration) testing
14. Infrastructure Assessments
What we do
•Combine all these approaches
•Maximize coverage
•Identify root causes
•Readable reporting
Security Auditing
•Detailed results
•Compliance verification
Manual Pentesting
•Measures actual security impact
•Unearths human errors
•Provides time-based security metrics
•Finds what automated testing can’t
Automated Scanning
•Checks for 10,000+ vulnerabilities
•Fast & cost-effective
•Finds what manual testing overlooks
15. Securing People
Focus on testing and improving security awareness
Password management
Social engineering testing
USB stick drop-offs
Phishing susceptibility assessments
Awareness training