The reconnaissance audit draws a map of the elements of an information system exposed online. This type of audit makes it possible to identify a company's attack surface.
The reconnaissance audit can be the first step of a security audit or be conducted independently.
Web platforms are one of attackers' favourite targets, as they are particularly exposed and vulnerable elements.
A Web platform penetration test assesses the security of the server and of Web applications (front office, back office, APIs).
The security audit can focus on specific targets (especially features at risk) or cover the entire exposed scope.
Mobile applications present risks of different types, such as manipulation of personal data or entry points to a Web infrastructure. They might also be copied, decompiled and corrupted. This last risk also applies to desktop applications.
A desktop or mobile application security audit makes it possible to run specific tests on the application itself (cryptography and reverse engineering). For mobile applications, auditing mobile APIs is a priority challenge.
IoT security is a complex topic, due to the extent of the entry points and of the potential technologies.
As IoT solutions are used in different sectors (for instance health, transport, industry), a successful cyberattack would have important consequences.
The IoT security audit makes it possible to test the hardware specifically (embedded electronics and software) or to assess the security level of the ecosystem as a whole (electronics, embedded software, communication protocols, APIs, servers, web interfaces, mobile applications).
A secure infrastructure is an essential condition to ensure the smooth running of the company’s activities, in order to preserve data integrity and confidentiality.
An infrastructure pentest can focus on the external infrastructure or on the internal network of a company.
Social engineering is a formidable method of attack, used against all types of targets, including the most secure organizations. The number of possible scenarios only depends on the imagination and motivation of the attackers.
A social engineering audit allows testing procedures and human behaviour, in order to assess the risk level as well as corrective actions to put in place (technical protections, monitoring processes, employees’ awareness).
Assessing the global security level of a company facing cyberattacks makes it possible to define or elaborate priorities regarding security. This approach identifies real risks very concretely.
An information security audit (on an information system as a whole) generally comprises two steps: an external security audit, then an internal security audit. This makes it possible to test a whole range of possible attacks on the information system.
A pentest assesses the security level of your systems in a professional framework.
Vaadata’s highly specialized team uses its expertise in attack techniques to identify the technical, logical and organisational vulnerabilities of your information systems.
Vaadata offers high-quality audits, which its 150 clients vouch for.
What are the differences between the Black Box, Grey Box and White Box approaches?
What is our methodology?
How can we define the scope of a pentest?
The price of a pentest is defined as a compromise between the objectives to reach and the resources to be allocated.
This generally involves an analysis of the scope to be audited with the client (free analysis phase).
Vaadata offers various security audit packages, as well as made-to-measure audits.