News/Press
Company
Security Solutions
Security Services
Trainings
   
Overview
Consulting
Security Analysis
Security Concepts
Implementation
Support
Incident handling

cirosec – Security Analysis/Audit

Many companies already have a wide range of security infrastructures. The question always arises, however, as to how secure these structures are. Security is a snapshot in time, which is continuously placed in question by changes to components such as firewalls, new services going on line, and the constant appearance of new threats.

cirosec offers you comprehensive investigations of the security of your systems. These investigations can encompass either specific components of your security infrastructure (e.g. firewalls, VPNs or IDS), or applications and their components (e.g. Web application servers). Our spectrum ranges from classic external network scans to application investigations or on-site manual audits.

Our many years of practical experience and detailed knowledge of the hacker community and its methods enable us to investigate your IT solutions with regard to potential security risks.

Depending on your wishes, the investigation can be carried out from a "black box" viewpoint, i.e. without inside information, or from a "white box" perspective, where we have detailed knowledge available on the infrastructures we are investigating. Possible avenues of attack include local networks, external connections such as Internet and RAS access points, VPNs and other types of access such as WLANs.

Classic methods such as network scans are unsuitable for testing the security of applications. Other methods are necessary here: those which affect the application level, such as manipulation attempts via input fields, SQL injection, or the analysis of source texts in the application components. cirosec GmbH is one of the few providers which have specialized in this area of safety audits.

Safety audits are always a very company-specific subject, and there are no universal recipes. A complete audit of all security-related aspects in a larger company would have to consider all technical areas of IT and at least as many organizational aspects. In practice, complete audits of all areas would take years, and would generally not be feasible. Therefore before an investigation is carried out, its scope and focus must be agreed upon. We advise you ahead of time which areas and audits are appropriate in your individual case.
image