Audits
The HSC audit is a high-quality service, thanks to the exhaustive and objective view it provides.
Why call in HSC for an audit?
- To get an exhaustive view of one's security, with complete fairness and independence.
- To obtain practical, directly applicable recommendations.
- To get recommendations sorted by priority order and difficulty level.
- HSC can carry out any type of technical audit (wireless network audit, network architecture audit, application architecture audit, flows audit, OS audit, software audit, investigation audit, code audit...)
- Finally, to share HSC consultants' experience and enjoy a skills transfer from enthusiastic professionals.
Which type of audit do you need?
Different approaches are possible:
- Verification audits
This type of audit analyzes the condition of a system or network, examining the following aspects: organization, architecture, protocols used, configuration, and operating and staff skills. We use a practical approach, which is based on HSC's experience and the methodology we have developed over the years. The audit is carried out with the operating staff, in a limited space.
- Validation audits
The validation process checks the state of the system against an existing reference framework. For example, it verifies that previously defined security requirements have been correctly enforced.
- Intrusive audits
Active search for weaknesses in the system, using HSC's vulnerability database. The audit is conducted from within the audited network, using an approach based on intrusion attempts. This audit is carried out without the operating staff, in a wide environment.
- External penetration tests
Unlike audits, intrusion tests are entirely conducted from outside the network being tested. The aim is to simulate a real attack to see how well or poorly the network resists.
Evaluations and analyses
These evaluations can concern:
- an application (commercial software, scripts developed for a web site...),
- a communication protocol,
- a security architecture,
- etc.
We evaluate the relevance of the design, the resistance to attacks and/or cryptanalysis, the level of security provided, the longevity of the solution...
The analysis includes some tests and an analysis of the source code and/or specifications when they are available. Otherwise, it can be done by reverse engineering.