Security Testing

Security Testing

At 7 Elements our approach to security testing is based on manual penetration testing techniques and goes further than simple vulnerability scanning.

This approach, combined with our technical knowledge, ensures a deeper level of assurance and delivers pragmatic and tailored advice that is specific to the environment under test. Our security testing services include:

Infrastructure Testing

In depth security analysis is required to ensure that the client’s services are adequately protected from attack by accidental or malicious external or internal attackers. The primary aim for our infrastructure testing is to identify weaknesses or vulnerabilities within the target network infrastructure and in components exposed to the internet.

Application Security Testing

Gaining assurance that applications are sufficiently protected is a critical aspect of an organisation’s approach to security. With an ever evolving threat landscape, applications can quickly become vulnerable to new forms of attack. As such, sites should be assessed on a regular basis to ensure that any potential exposure is mitigated before it can be exploited.

Our approach to application security testing blends the identification of technical exposure with business logic flaws that could lead to a breach in security.

Mobile Device Security Assessment

Mobile working has become key element of every day business and with company sensitive data comes a need for security controls. A mobile security assessment provides an in depth security review to ensure that any mobile working platform, phone or tablet, is adequately protected from disclosure of sensitive data, external attacks or internal misuse. The primary aim for our mobile security assessment is to review the device deployment against good practices while also identifying weaknesses or vulnerabilities that could be used to circumvent security or attack the device.

Mobile Application Security Testing

Mobile applications and devices have changed the way we work on a daily basis. This rapidly changing and growing area of Information Technology can introduce serious vulnerabilities and lower an organisations security posture considerably. Good software development practices and security testing can help to identify and understand the impact of security issues prior to deployment of a new application or updates to existing application. For more information on how we deliver Mobile Application Assessments please visit the following page.

Secure Build Review

Building security in at the start of an IT asset’s lifecycle provides an organisation with a solid foundation from which to deliver a layered security approach. However, assurance that the desired level of security has been achieved is still required.

Our build review approach assesses IT assets against defined standards to ensure compliance with existing industry standard information security controls. This will enable your organisation to maintain secure ‘builds’ that keep up to date with the evolving threat landscape.

Security Code Review

Organisations should defend against insecure coding practices, which result in common vulnerabilities that could lead to future security issues. Reviewing code from a security perspective provides assurance that the application has been developed securely to defend against attacks.

Our approach to security code reviews utilises a risk based manual assessment process. This ensures that key areas of code are evaluated while balancing the time and cost implications of conducting the code reviews.

Firewall Review

Correctly configured firewall devices are paramount to the security of an organisation. Often providing protection from internet based attacks, it is vital that these devices are appropriately configured and maintained.

Our approach focuses on a manual review of the device’s configuration and rule set to identify weaknesses within the firewall that may lead to a compromise of the network.

Wireless Assessments

It is important to ensure that wireless networks are securely configured and that devices involved in the provision of wireless networking services do not have security weaknesses that could be exploited by an attacker.

Our approach to wireless assessments focuses on both unauthenticated and authenticated access to identify misconfigurations which could negatively impact the overall security of the solution.

Social Engineering

Successful social engineering engagements require close collaboration between the organisation and our test team. This approach enables both parties to identify valid test cases, establish success criteria and derive key indicators for reporting.

We will work with you to develop the required methodology and then deliver the technical elements required.

Phishing Engagements

Phishing is the art of enticing a victim to click on a malicious link and is a common component of our wider social engineering and scenario based (simulated attack) testing engagements. For more information on how we deliver phishing engagements please visit the following page.