Internet Pen Test
Test your security from the perspective of an anonymous attacker on the Internet.
Intranet Pen Test
Test the security of your internal network from the perspective of an anonymous / educated insider.
Web Application Assessment
Test the security of your web applications or other thick applications.
Test the security of your wireless infrastructure from the perspective of an anonymous outsider in close physical proximity.
Mobile App Assessment
Test the security of your mobile applications on iPhone, Android or BlackBerry.
Test the security of your modems.
Source Code Review
Get the security of your source code assessed in a true white-box / gray-box style assessment. If your web application accepts credit cards, this assessment is mandatory if you do not use a web application firewall (WAF).
OWASP Top 10 Training
Get your developers trained to combat the OWASP Top 10 vulnerabilities. From a PCI perspective, this training is mandatory. Security in your SDLC cannot be complete without such training.
Get your employees educated about Payment Card Industry (PCI) and how it affects your organization. Also, train them to securely handle credit card data. This kind of training is mandatory to achieve PCI compliance.
Test the security of your employees and whether or not your security awareness campaign is working.
Get your organizational security audited per ISO 27002 guidelines. This assessment serves as an enterprise risk assessment mandatory per PCI DSS requirements. This also verifies whether the security policies are sufficient and whether they are effective.
Security Configuration Reviews
Get the security configuration of your network devices (firewalls, routers, switches, IPS, IDS, etc.), servers (Windows, UNIX, etc.), web servers (Apache, IIS, Tomcat, etc.) reviewed.
Search for sensitive information such as PCI data, SSNs, PII/PHI, SWIFT information or any other sensitive information on your organization’s systems to achieve greater knowledge or compliance with regulations.