Vulnerability Assessment and Penetration Testing (VA/PT)

VA/PT is a requirement for compliance with standards such as PCI-DSS, or as a part of risk assessment for ISO 27001; regardless, conducting regular VA/PT is deemed a good practice and is usually included in well-designed security programmes. VAPT is included in our security assessments, but we also offer a separate service for specific objectives such as reports for compliance audits. We use VA scanning tools according to the need of the organisation and analyse reports to extract actionable intelligence. In addition to the summary report, we submit recommendations for remediation and a prioritised list of remediation activities.

Security Policies
Data Classification
Risk Management
Topology, Data Flow
Access Control
VPN/Remote Access
Network Access Control
Application Configuration
Database Configuration
Change Control
Patching & Anti-Virus
Logging / SIEM
Intrusion Detection
Physical Security