sss

Audit

Home > Our Offer > Services > Audit

What is the security level of your information system? Does it meet your business needs?

We propose to evaluate the security level of your Information system through customized audits that meet your business needs, your budget, and your technical and operational constraints.

Our audits can target technical, functional  and / or organizational components of your Information System.

Here are the various audits that we offer:

  • External / Internal / WiFi Penetration Testing
  • Application audit
  • Source code audit
  • Information Security Management audit
  • ISMS mock audit

 Penetration Testing

Penetration Tests aims to simulate the behavior of hackers and to use their techniques to push a system / technology / application / person to its limits in order to discover vulnerabilities.
These are some examples of penetration tests we perform:

  • External Penetration Testing (in blackbox)
  • Internal Penetration Testing (scenario based )
  • Application Penetration Testing (Web applications, mobile applications, etc)
  • Social engineering (targeted attacks, phishing, phone calls, contact-making, etc.)
  • WiFi networks Penetration Testing

The penetration tests are the most effective way to assess the solidity of your security measures against attacks.

Application audit

Application audits aim to assess the security of applications (web applications, mobile applications, etc.). During application audits we examine not only the audited application but also all its environment components:

  • Web server
  • Application server
  • Database Server
  • System Infrastructure supporting the application

The conduction of application audits is recommended before deploying applications in production environment. For in depth analysis of the security of your applications, application penetration testing and source code audit could also be integrated within the application audit.

Source Code audit

The source code audit allows you to check whether good coding practices have been respected during the applications development cycle. The audit of the source code is based on:

  • Automated testing through source code scanners
  • Manual source code review
  • Application structure analysis

Information Security management audit

Information security management audit aims to enlighten you about:

  • The application of your policies, procedures and security charters
  • The compliance of your security documents (policies, procedures, etc.) with the best practices
  • Your information security management improvement opportunities

Mock ISMS Audit

Mock ISMS audit is a requirement of the ISO / IEC 27001 and is part of its life cycle. It’s composed of the following elements:

  • ISMS documentation review (security policies, procedures and guidelines, risk management documents, etc.)
  • Identification of non-compliances related to the documentation
  • Identification of non-compliances related to the implementation of the policies, procedures and guidelines of the ISMS.