MENU
Our Offers

Audit

The purpose of the security audit is to identify the level of security of your information system, embedded system, industrial system or IoT.

Following a security audit, the auditor draws up classified and prioritised recommendations to correct any shortcomings within the scope under audit, and to protect you from all types of threat.

Performing an audit enables you to:

  • Effectively anticipate a potential attack by identifying actual vulnerabilities and your level of exposure to ISS risks
  • Improve the effectiveness of existing protection solutions (Firewall, Proxy, IPS, WAF, VPN, SSL, PKI, etc.)
  • Challenge the implementation of your ISSP (Information System Security Policy) and your existing providers/partners: Integrators, service providers/hosts, SOC, operators, etc.
  • Upgrade your overall security level (periodic audit)

OUR KNOW-HOW

  • Internal & external penetration test
  • Workstation penetration test
  • Cloud penetration test
  • VOiP, Skype, MDM penetration test
  • Mobile penetration test
  • Active Directory, Azure AD
  • Big Data Infrastructure
  • Electronic payment & financial infrastructure (DSP2, TPE, payment servers, SWIFT, etc.)
  • Wi-Fi, RFID
  • Web penetration test
  • Mobile (Android, IOS, etc.)
  • Web services
  • Heavy applications
  • ERP (People Soft, SAP)
  • Simulation of an actual attack with an extended perimeter and potentially long duration, with or without breaks
  • Physical penetration
  • “pwn or go home”, “capture the flag” scenarios, etc.
  • Evaluation of the capability and maturity of the SOC
  • System foundations (Windows, Linux, AS400 Mainframe, etc.)
  • DBs (Oracle, MSSQL, DB2, etc.)
  • Web and application servers (Apache, Weblogic, Jboss, etc.)
  • Firewall, proxy (Check Point, Fortinet, Juniper, Squid, F5, etc.)
  • SAN, storage infrastructure
  • Bastion hosts, VPNs
  • Networks
  • Software
  • AD/IAM
  • Private, public, hybrid cloud
  • All languages
  • Manual or semi-automated audit
  • Advice and awareness for developers
  • Phone phishing campaign
  • Email phishing campaign
  • Awareness-raising
  • Physical penetration
  • Forensic analysis
  • Emergency response with investigation

Audit of embedded systems

  • Organisational and physical audit
  • Compliance audit (ISO, IEC, NIST, etc.) & CSPN audit
  • Architecture audit (ANSSI, IEC 62443)
  • Source code audit
  • Auditing, support and monitoring of suppliers (ISO, IEC)
  • Technical system audit & product evaluation (SW, HW, Telecom)
  • Pentest for the integrated system and product

Audit of industrial systems

  • Organisational and physical audit
  • Compliance audit (IEC, NIST, etc.) & CSPN audit
  • Architecture audit (ANSSI, IEC 62443)
  • Source code audit
  • Auditing, support and monitoring of suppliers (ISO, IEC)
  • Technical system audit and product evaluation
  • Pentest for the integrated system and product

Audit of IOT Systems

  • Organisational and physical audit
  • Architecture audit (sensor, equipment, gateway, cloud, IS)
  • Source code audit
  • Auditing, support and monitoring of suppliers
  • Technical system audit and product evaluation
  • Pentest for IoT systems (from sensor to information system)

Our teams are at your service