Home > Services > Security Assessment

Security Assessment

Emaze covers any necessity related to the so called security audits, which focus in the detection and , later, the cancellation of threats, issues, possible points of attack on a system (or on a whole ICT network). Assessment test or services can be time-planned or, otherwise, they can be connected to the adoption of a new technology or to the implementation of an information technology system. The results, besides the technical reports, are targeted to the addressee: detailed reports are sent to the Managers or those in charge of the departments being assessed.

The main security assessment activities and services are the following:

  • Penetration Test involves the simulation of the behavior of a real attacker as a physical person (hacker), or as a worm trying to enter the system in order to violate it, acquire info, cause disorders.
  • Vulnerability Assessment is the research of all the possible points of attack on a system. It should be carried out on a regular base in order to verify the update procedures correct functioning, as well as state of the firewall configuration.
  • Code Auditing is focused on the application program code analysis. It highlights the threats related to lack of input filters, the bad implementation of database calls, the log in wrong procedures, the lack of output control filters.
  • Wireless testing aims at evaluating the correct implementation of the wireless infrastructure, WiFi, Blackberry.
  • Social Engineering consists in finding a way into the network by only interacting with the company personnel.
  • Malware analysis consists in the assessment and verification of detected files which might be infected or corrupted, as well as system break-in backdoors, and data exportation.
  • Forensic involves detailed research and analysis of damaged systems following an IT incidents.

Assessments can be carried out on the whole structure, or on specific environments: web sites, company intranets, portable device defense.

Emaze evaluates the security status of the legacy devices owned by the customer, and if needed, embeds a remediation plan on these devices since the early phases of the projects.

These activities are executed by a team of experts, through a detailed schedule as for the information Emaze acquires initially in order to start the assessment, for the personnel being acquainted of the activities timetables, and the feedbacks in case of negative results.