Reset your Security Roadmap
Our assurance services aim to identify issues and gaps in organisations' security posture and help businesses to reset and design their security roadmap. We understand there is no one-size-fits-all in cyber-security. We tailor our services to help our customers put effective controls in the right places to help them improve their security posture and reduce their risk of a breach.
Penetration Testing focuses on locating weaknesses in your systems before an attacker does. Sentaris security consultants have extensive experience in testing some of Australia’s largest and most complex systems.
Our testing methodology blends a baseline of automated testing with a heavy focus on manual assessment and testing of high-risk components. Furthermore, our methods and practices extend beyond traditional testing to delve into high-risk business logic issues. This approach has the advantage of being cost-effective and comprehensive while focusing on high-risk, high-impact weaknesses.
- Web App Pen Test
- Corporate Network Pen Test
- Mobile Pen Test
Sentaris’ Scenario Testing service (aka Red-teaming) is a Penetration Testing methodology that moves away from the traditional testing of systems and applications. It focuses on real-world compromise scenarios affecting what your business relies on, such as:
- Theft of customer data
- Financial information
- Other sensitive intellectual property.
Scenario Testing has the advantage of simulating the methodology used by attackers. This provides your organisation with a more comprehensive assessment across a broader range of controls. These include traditional technical controls, physical security, business processes and user awareness. Scenario Testing provides greater assurance against sophisticated cyber attacks.
Control Effectiveness Testing
Security controls are often tested for usability, but seldom for their effectiveness in mitigating the threats they are implemented to protect against. We use our extensive security and business experience to assess your existing security controls against the latest security threats. We ensure your controls are not only effective, but relevant to the modern security landscape.
Social engineering is a process attackers use to trick employees into divulging confidential or personal information that they can use to build and execute attacks against an organisation. Sentaris can test both your employees and your systems for resilience against a targeted attack.
Internet Footprint Assessment
An internet footprint assessment focuses on perimeter discovery to collate publicly available information pertaining to an organisation’s business practices, IT infrastructure, web applications, exposed services, customer and employee information, and more. The collation of this information allows Sentaris to determine the risk posture for an attack and is performed with the same level of access as a malicious attacker.
Sentaris will enumerate all internet-facing devices and services, then scan them for known vulnerabilities. Manual penetration testing techniques are also used to uncover further areas of weakness. At this stage, the weaknesses will be leveraged in an attempt to gain access to additional services and data.
This assessment is extremely useful as a measure of asset identification to help organisations understand their footprint and formulate IT security strategies relating to possible vectors for attack.
Almost all businesses use and rely on wireless networks for access to critical and confidential services. Unfortunately, there are many opportunities for misconfiguration, which may lead to attackers gaining unauthorised access to the internal network.
Sentaris Wifi Assessment checks numerous aspects of the wireless configuration, including:
- Encryption and any cryptographic keys are not easily cracked;
- Authorisation to the wireless network does not leak credentials;
- Wireless clients cannot be attacked through rogue access points;
- Users on the guest wireless network cannot access the internal network.
Internal Posture Assessment
Corporate networks are a goldmine of information to attack and exploit. Yet few organisations have even the most basic measures in place to help protect them. An internal vulnerability assessment evaluates security from the inside, looking at ways that individuals located inside the company can exploit network and data assets. Once an attacker gains a foothold, it is only a matter of time before they reach and potentially compromise valuable data. Sentaris ensures its customers have a strong foundation in place to detect, contain and respond to such threats. We have a wealth of experience in the design, implementation and testing of security controls and ensure our clients' internal corporate network is underpinned by strong, relevant and current security practices.
New vulnerabilities are disclosed daily. Unless quickly detected and remediated in your environment, they can leave systems open to exploitation by attackers. Sentaris can provide you with a regular vulnerability assessment service using specialised, automated tools to remotely assess your systems for publicly disclosed vulnerabilities. A regular vulnerability assessment program can highlight new and existing vulnerabilities in your environment. This will lead to a reduction in organisational risk.
Secure Code Review
Security code review is the process of auditing application source code to ensure that best-practice security controls are implemented. Sentaris will help you identify vulnerabilities within your application before they are discovered by malicious actors. This practice is extremely effective at eliminating most previously unidentified vulnerabilities within an application. It ensures systems are more secure and protects business assets and reputation.