We provide the full spectrum of penetration testing and security assessment services, from simple network-scans to web application source code review. Our security services are designed to save you the inconvenience of being hacked, prosecuted, embarrassed, or fired.
As a boutique provider of expert-driven penetration testing, we will tailor your project to suit any requirement of budget, time, internal jurisdiction, or external threat. We treat each client as an individual and routinely deliver the following:
- Infrastructure Penetration Testing
- Application Penetration Testing
- Applied Threat Modelling
- Social Engineering Penetration Testing
COBIT, RiskIT, HIPAA, ISO27001, PCI, Crest, CHECK, Tiger, OSSTM, OWASP. No matter what the methodology, our consultants will work with you to ensure we meet and exceed the standard of assurance required. If you prefer your own in-house security methodology or in-house report style, we can conform to it.
Our penetration testing is consultant-driven, so you can direct the focus according to what matters most to your organisation.
Our independent Penetration Testing services do more than just identify individual weaknesses in your systems at the point of assessment. They will tell you how you compare to your peers, they can track your improvement since the last assessment, and provide valuable input to strategic decision making within your Information Systems organisation. Our assessments are no tick-box-test, they uncover:
- Significant un-patched vulnerabilities in software and systems
- Failure of procedure (e.g. use of insecure OS builds/configuration)
- Compromised systems already present in your organisation
- Orphaned/unmaintained systems left to rot
- Relics/retired systems that should have been removed long ago
- Badly configured (e.g. unduly permissive) systems
- Unintended consequences within complex environments
- Missing skills or structural problems within your team
- Weakness in your vendor selection process based on security record
- The effectiveness of your remediation process
Our reporting delivers a high-level summary for management together with technical details organised according our own 4-point risk classification. Within each section are recommendations for resolving any vulnerabilities found, combined with overall conclusions detailing any additional recommendations.
Know Where You Are Vulnerable
If you are ready to talk to one of our consultants now about assessing the state of your Information Security then please get in touch. If you would like to know more about Penetration Testing, read about how our clients benefit from it, or need help in evaluating different Penetration Testing providers, read on:
- Case study, "Penetration Testing for a Financial Institution"
- Whitepaper, "Understanding, Commissioning, Maximising Value From Penetration Testing"
About 360is Penetration Testing Services
We are a boutique, independent, professional services company. We enable our clients to secure their valuable data, meet compliance standards, and maintain customer confidence. We are experts, having worked previously in senior security roles for the world’s largest and most successful ISP. Working in the field of Internet Security since 1995, we are CISSP and BS7799 Lead Auditor certified, and referenced via with top 5 Investment Banks, Telcos, Online Gaming and E-Commerce companies.