PCI Consulting Australia can also provide internal vulnerability scanning services and report accordingly.
A vulnerability assessment consists of scans and manual vulnerability discovery. The main difference between a vulnerability assessment and a penetration test is that during the vulnerability assessment we do not attempt to exploit the vulnerabilities. We prove that they exist and explain them in the report.
Our cloud services review consists of three core elements: architecture review, configuration review and verifying monitoring processes. As recent history has shown, misconfigured cloud services can be an easy point of entry for attackers, even if the applications and infrastructure are secured to the highest standards. A cloud security review is another way PCI Consulting Australia helps protect your systems, data and customers.
The human factor remains the weakest link in the corporate IT chain. Having well secured and patched systems is less than half the battle. Expanding security awareness among employees at every level of the organisation becomes more critical with every passing day. PCI Consulting Australia offers email phishing campaigns which test employees' susceptibility to social engineering attacks.
PCI Consulting Australia offers SOE reviews of the most critical systems in your environment. This standardised approach ensures the configuration of the devices is up to industry standards.
Due to the nature of wireless networks, attackers do not require physical access to the local network. If the wireless network is not configured and secured properly, it can become an easy entry point for an attacker into the internal corporate network.
(a step down from full penetration testing, only watching the traffic and looking for security misconfigurations)
In some cases, running an active penetration test is not possible due to legal constraints, the fact that the application is not owned by you, and many other factors. To combat those restrictions, PCI Consulting Australia offers passive testing. Our tester will browse the application, monitor and capture the traffic and analyse it from a security perspective. As a result, many security misconfigurations can be detected and remediated, increasing the overall security posture of the environment.
Accessibility testing is designed to verify which systems (if any) are accessible from locations which by design should not have access to those systems. In many cases misconfigured ACLs or firewall rules allow specific traffic to pass through to unwanted subnets, which can present additional attack vectors, especially if those target hosts contain sensitive data.
This engagement can consist of the following tests:
Users quite often reuse their passwords, which puts the corporate environment at risk. OSINT identifies which users pose the highest risk to the business from this perspective due to the previous compromise of an account on a 3rd party portal where the user utilized their business email address.