If the site is hosted by a third-party supplier, it is your responsibility to obtain permission before testing begins. At some point CyberSigma will need low-level login credentials for application and website testing. For confidentiality reasons we will ask for these to be texted or emailed to us when required. If an Intrusion Prevention System (IPS), Web Application Firewall (WAF) or Active Intrusion Detection System is present, an exclusion for the IP addresses associated with testing may be required.
The goal of a firewall rules review is to verify the efficacy of your filtering policy. It checks that the firewall configuration and rule set meet business and compliance requirements, and that the actual configurations and the traffic actually flowing through the firewalls match the approved configurations and the traffic approved to flow through them.
Source code auditing is the most comprehensive service that can be applied to a given application: it can exhaustively detect the vulnerabilities affecting an application by reviewing the source code.
Performed following a white-box approach, configuration audits make it possible to compare the security level of a given environment with the state of the art, drawing on all the necessary points of view (access to equipment configurations, interviews with the teams in charge of the platforms, provision of documentation, etc.).
Red team engagements apply real attack tactics to your infrastructure. It is a life-size exercise that aims to find a way to infiltrate your internal network in order to extract real data, all while avoiding detection. The purpose of this service is to reveal how effective your organisation's defences are against a real attack, and also to test security at several levels of your organisation. The tests will be carried out remotely, but may also need to be done from your premises.