Useful Information on the Technical Security Audits Carried out by OneConsult
The success and quality of any project depends on
thorough preparation, efficient project management and close collaboration
within the project team. The remarks below relate to the following
OneConsult products: security scan, penetration test, ethical hacking
and application security audit.
- OneConsult GmbH is an ISECOM
Licensed Auditor (ILA), Gold Level, and our security consultants
are ISECOM certified in various areas of expertise (OPST = OSSTMM
Professional Security Tester, OPSA = OSSTMM Professional Security
Analyst, OSSTMM-Trainer), guaranteeing that the tests will be
thorough and professional and that documentation of the results
will be informative and comprehensive. For confirmation of this,
see our references.
- Tests can only be carried out on components that have their
own IP address and can be accessed during the tests.
- Project coordination (definition of objectives and team, project
milestones and scheduling) is carried out at the kick-off meeting.
- In all tests except ethical hacking, security vulnerabilities
and loopholes are identified or verified without modifying the
test object.
Ethical hacking (hacking to order) explicitly exploits
security vulnerabilities in accordance with the client's instructions,
and the test object may be manipulated or modified.
- We guarantee that no sensitive information relating to the project
will be passed to third parties.
- Our consultants are of impeccable character. OneConsult GmbH
and the majority of our consultants have also been security screened
by the military (Defense Department requirement for carrying out
classified projects in the military environment).
- Tests on DMZs (testing the Internet connection and DMZ from
external perspective) are normally carried out via the Internet
(exception: denial-of-service (DoS) tests).
- Tests on WLANs or LAN/WANs are carried out on-site at the client's
premises.
- The final report is normally compiled at the premises of OneConsult.
- Tools are always used when automated mechanisms can be employed.
All the activities could of course be carried out manually, but
this would significantly extend the timeframe for the project
without improving the results. Many of the tools we use (our specialists
have also programmed their own special tools) are also widely
used in hacking circles.
- There may be brief but noticeable dips in the performance of
the target systems while the tests are being carried out. In extremely
rare cases, system outages may occur. However, our experienced
Security Consultants will do everything possible to ensure that
this does not happen.
If you're interested in OneConsult and you'd like a no-obligation
consultation or more information, please contact us.