The daily importance of Internet and Extranet communications means that organisations must place increased trust in the products, systems and applications that they use. That trust is a measure of the confidence or assurance that a component, a product or an entire system will perform reliably and to specifications, even in the face of attack.
Being reactive to security issues as and when they are discovered by an attacker is not an effective manner in which to manage the risks facing your organisation. A proactive organisation understands the importance of information, knows their security status at any given time and appreciates that testing can be used to measure that status as part of a managed approach to risk mitigation.
Members of our security team are certified in many aspects of Information Technology including Microsoft, Cisco, Checkpoint, Nokia, CISSP, CLAS and the few penetration testing focussed certifications available such as the OSSTMM Professional Security Tester (ISECOM OPST), Certified Ethical Hacker (EC-Council) and Certified Penetration Testing Specialist/Expert.
dns operates a methodical testing framework carefully selecting the most relevant parts from other standards such as the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project. This approach ensures that the testing being performed is reliable and repeatable, using a subtle blend of automated and manual penetration testing to ensure the quality of the results during the testing period.
The dns testing team offer the following services:
- IT Security Audit – an evaluation of your current security status. This involves a holistic approach to security auditing including measurement of technical, administrative and physical defences.
- Penetration Testing – we provided both on-site and remote penetration testing to our clients, which is focused on either internal network and system security, or Internet/DMZ ‘point of presence’ security.
- Web Application Security Assessment - full life-cycle Web application and Web services security, providing forward-looking advice and practical delivery on all aspects of secure service delivery to the Internet.
All types of testing will produce quality reports for both technical and management audiences including details on identified vulnerabilities, rating of risk and resolution guidance.
