The HSC audit is a high quality service, thanks to the exhaustive and objective view it provides:
Why call in HSC for an audit?
To get an exhaustive view of one's security, with complete fairness and independence.
To obtain practical, directly applicable recommendations.
To get recommendations sorted by priority order and difficulty level.
HSC can carry out any type of technical audit (wireless network audit, network architecture audit, application architecture audit, flows audit, OS audit, sotware audit, investigation audit, code audit...)
Finally, to share HSC consultants' experience and enjoy a skills transfer from enthusiast professionnals.
Which type of audit do you need?
Different approaches are possible:
- Verification audits
This type of audit analyzes the condition of a system or network, examining the following aspects: organization, architecture, protocols used, configuration, and operating and staff skills. We use a practical approach, which is based on HSC's experience and the methodology we have developed over the years. The audit is carried out with the operating staff, in a limited space.
- Validation audits
The validation process checks the state of the system against an existing referential. For example, it verifies that previously defined security requirements have been correctly enforced.
- Intrusive audits
Active search for weaknesses in the system, using HSC's vulnerability database. The audit is conducted from within the audited network, using an approach based on intrusion attempts. This audit is carried out without the operating staff, in a wide environment.
External penetration tests
Unlike audits, intrusion tests are entirely conducted from outside the network being tested. The aim is to simulate a real attack to see how well or poorly the network resists.
Evaluations and analyses
These evaluations can concern:
We evaluate the relevance of the design, the resistance to attacks and/or cryptanalysis, the level of security provided, the perenniality of the solution...
an application (comercial software, scripts developped for a web site...),
a communication protocol,
a security architecture,
an electronic voting system,
The analysis includes some tests and an analysis of the source code and/or specifications when they are available. Otherwise, it can be done by reverse engineering.