In most industries, IT security has risen to the level of enterprise risk. Data has become as valuable an asset class as any other. As such, penetration testing, security audits, and vulnerability assessments should be conducted regularly. Redspin offers four major categories of IT security audits.
Redspin's penetration testing mimic the tactics of malicious attackers by attempting to break into your network from the Internet or other external vantage point. By conducting penetration tests in a controlled and non-destructive fashion, we can safely identify known vulnerabilities and then help you remediate those risks before a hacker can exploit them.
Website security audits or web application assessments are in-depth penetration tests that specifically evaluate web-based assets for security flaws or insecure processes. Redspin's methodology follows the 2013 OWASP Top Ten List of web application security risks. In addition, our expert engineers perform manual analysis as well, evaluating business logic and identifying even more sophisticated attack vectors.
Internal IT security audits are necessary to identify vulnerabilities that may exist on your internal network. Such flaws can result from non-optimal network design, configuration errors, viruses or malware, outdated software, insecure passwords and other poorly implemented controls. In many industries, a regular internal security assessment is necessary to maintain compliance with a government regulation (HIPAA, FFIEC/GLBA, etc).
Social engineering testing underscores the fact that employees themselves often present the highest risk for a security breach. The increase in the use of mobile devices at work has increased this threat even more. Raising security awareness through regular testing and training is an often overlooked area of security management. Redspin can help by designing custom test scenarios (email phishing, pretext phone calling) and also offers web-based, self-paced training courseware.