Our skilled security testers, CREST and OSCP certified have a standard toolbox of best-of-breed utilities, such as Checkmarx, DevPartner CodeReview, FindBugs, Visual Studio, Nessus, SOAPUI, Burp Suite Pro and OWASP ZAP, Metasploit Pro framework, Nmap and Acunetix Web Scanner.
Using these tools (automated), combined with years of experience within cross-domain security disciplines and practical methodologies (manual) allows us to provide real, tangible and usable information to secure your systems.
Our methodology for performing technical security assessments draws elements from a number of published, leading methodologies, including OWASP, OSSTMM, NIST, NSA, PTEST, and ISSAF.
We are able to introduce more consistent, measurable and repeatable testing approaches such as the OWASP Application Security Verification Standard (ASVS) and implement Security testing in your build process with our Continuous Security Integration (CSI) services to introduce shift left testing for Security.
- Penetration Testing
- Vulnerability Assessments
- Dynamic code analysis
- Static code analysis
- Implementation of Secure Systems Development Lifecycle processes (SSDLC)
- Embedding security testing as part of your build and CICD processes in an automated and repeatable fashion