Our security review service is similar to our penetration testing service, however we directly inspect the source code and configuration settings of the target. This allows us to avoid most the “guess work” that is part of every penetration test. This approach also allows us to provide better recommendations as we can directly point to the root cause of the discovered issue.
We tailor every project to the specific requirements of our customers, we mainly provide the following two audit types:
Source code reviews
Security reviews of source code with a combination of static checks, manual code inspection and active debugging in our test environment. This allows us to identify and tackle complex vulnerabilities that probably couldn’t be discovered with a normal penetration test.
Infrastructure and system reviews
Review of network environments like Active Directory or specific systems regarding system hardening and security best practices.