
security testing

Security testing should be a key part of any organisation’s compliance processes as it provides a validation of technical security and monitoring countermeasures. Activity is able to provide a wide range of security testing services that can be tailored to a customer’s specific requirements for assurance. Our services have been developed in line with current security testing and auditing standards and aim to provide our customers with a programme of detailed technical security auditing that will give them confidence in the confidentiality, integrity and availability of their IT systems and applications.

web & application security assessment

Our experienced consultants provide a full assessment of an application that identifies vulnerabilities that could be used to compromise the application or interconnected systems. Our recommendations ensure that potential loss due to modification, exposure or destruction of information that the application stores and processes is minimised.

Our application testing approach utilises our consultants' skills and knowledge of the latest vulnerabilities, as well as proven methodologies such as OWASP, to ensure that our security audit is comprehensive and effective. We do not rely on any automated tools, scripts, or methodologies produced by any of the security tool vendors.

Our experience includes web applications, such as e-commerce systems and collaborative working environments, as well as SAP, Siebel and other enterprise ERP and CRM applications.

network security assessment

We provide a tailored technical security assessment of your information system infrastructure, identifying vulnerabilities within both networks and systems. This service provides you with assurance that the configuration and operation of your information systems meets your security requirements.

Our network vulnerability assessment methodology builds on those provided by CHECK, CREST and OSSTMM, giving us the ability to offer government organisations "IT Health Checks" that will meet and exceed accreditors' requirements for independent testing of new and existing government IT systems and networks.

Our approach to network vulnerability assessment translates equally to our customers in the private sector where the CREST standard is recognised as a benchmark for providing a professional and quality level of service.

end to end security review

We deliver a technical security auditing programme that covers all aspects of the security enforcing components of an application from a physical, technical and procedural perspective. The review may include an assessment of security design specification, system documentation, implementation strategies, integration and operational management. It typically includes a combination of document reviews, interviews with key stakeholders, configuration reviews and a proactive technical assessment and analysis of the system itself.

This type of activity can greatly improve the quality and integrity of the evidence an organisation can provide, in audits against standards such as ISO27001, SOX and BASEL II, of the integrity of its monitoring systems.

Our other security testing services include:

  • Network penetration test
  • Host configuration assessment
  • Wireless security assessment
  • Telephony systems testing (War dialling, VOIP)
  • Intrusion Detection and security monitoring system testing
  • Social Engineering