An extreme level of reciprocal trust is necessary between the parties involved in a security assessment, which implies a number of preliminary discussions and very strict security guidelines.
Navixia subscribes to the principles of the international standard ISO 17799 and relies on a strict methodology based on the OWASP risk-evaluation standard. Based on our experience, we have singled out a list of potentially tricky issues that should be checked to make sure your network is correctly protected. The idea is to identify and block any potential risk before it might become a liability to your business. Each assessment includes a detailed report and a list of recommendations to correct the potential vulnerabilities.
External Security Assessment
Is your company vulnerable to attacks coming from the internet and the outside world?
Based on various tests selected in relation to both your infrastructure and your users, this assessment will draw a precise map of potential vulnerabilities and assess their implications.
Internal Security Assessment
Could an attack or vulnerability be activated from within your company?
Protecting the network against outside attacks may not be enough. The company can also be compromised from the inside. An internal assessment is performed from within the company's premises and aims to ascertain what kind of damage a non-authorised person, a visitor for example, might manage to cause within the company network, and how they would proceed. By carefully testing your infrastructure, we will ascertain whether your company is potentially vulnerable to attacks launched from the inside by an attacker who has physical access to your fixed or mobile network.
Web and mobile applications are a potentially vulnerable entry point into your corporate network
Often, application errors can be leveraged to gain access to the network itself. In addition, many applications store and/or use sensitive information, and proper controls must be in place to protect this data. The methodology used by Navixia will provide a comprehensive overview of the security posture of one or several specified web or mobile application(s) and check that your data cannot be leaked or tampered with. An application assessment can be performed from various angles depending on your requirements. We are at your disposal to discuss this with you.
Secure Code Review
This thorough assessment of software code will detect potential security flaws in your existing applications
A large proportion of attacks take place by way of applications that contain insecure pieces of code. Faulty code may cause a potential vulnerability and thus provide an entry point into your company infrastructure or data. It is therefore highly recommended to identify such flaws before they can harm your systems.
The aim of a Secure Code Review is to validate all points in the application that are relevant to security, such as authentication, authorisation & access control, session management, error handling, cryptographic controls, input validation or other elements depending on the software under consideration.
Architecture or Configuration Assessment
Specific, sensitive or strategic parts of your IT infrastructure might require a closer security evaluation
There are sections or components in your IT perimeter that might prove particularly critical for your organisation, either because of the sensitive information they contain or because they are essential to the smooth, safe running of your business. It makes a lot of sense to make sure that these key areas are not vulnerable. We will assess various aspects of security based on your specific requirements. As the scope of an architecture or configuration assessment will depend on each company's specificities, we will be happy to discuss this with you, without any obligation.
Digital Code Signing Service
Code signing is the best and most recommended technical protection against malicious code
After your code has been subjected to a secure code review, safety can be taken one step further: the code can be digitally signed so that it is "stamped" as secure. Code signing aims at confirming the identity of the software author while guaranteeing that the code has not been tampered with or corrupted since it was last verified and signed. We strongly recommend that at least your Office macros be signed, as they are very vulnerable elements of code in your network and may all too easily become a weak link in your IT security.
Code/macro signing is a time-consuming process which requires specialised resources and knowledge that may not always be available internally. Navixia's team of experts will be happy to assist you.