Measure your level of protection with a security audit of your information, embedded, industrial or IoT system.
Our engineers, experts in hardware, software and IoT, assess the risks, identify the vulnerabilities according to existing OWASP top 10 guidelines and give you a list of recommendations (PASSI, CVSS) in order to raise your security level, through different audit programs.
PASSI RGS certified (configuration audit – architecture audit – source code audit – intrusion audit), SERMA Safety and Security supports you at the highest level for your audits. Our experts can also assist you with embedded and IOT systems from the embedded application phase to the hardware phase (desoldering, reverse engineering, glitching, etc.)
Conducting an IT security audit allows you to:
- Effectively anticipate a potential attack by identifying actual vulnerabilities and your level of exposure to risks on the information system or product.
- Improve the effectiveness of existing protection solutions (Firewall, proxy, IPS, WAF, VPN, SSL, PKI, etc.)
- Challenge the implementation of your ISSP (information system security policy) as well as your existing service providers/partners: integrators, outsourcers/hosters, SOC, operators
- Develop your overall security level (periodic audit)
- Play realistic scenarios from the side of the cyber attacker (redteam missions, phishing campaign,…)
- Penetration testing – Infrastructure (black box, white box, grey box, DSP2 …), IoT, embedded products
- Penetration testing – Application
- Red Team
- Configuration audit (PASSI, script execution…)
- Architecture audit (PASSI, IEC 62443, sensor, equipment, gateways, cloud, IS …)
- Source code audit (PASSI)
- Supplier audit, support and monitoring (ISO/IEC)
- Technical systems audit and product evaluations (SW/HW/Telecom)
- Phishing campaign
- Vulnerability identification – Remediation