Quadrant360 consulting

Cloud & IT Security Audits

 

Our Audit team draws on its knowledge base and unique expertise to assess the security level and resistance of its customers’ information systems.

Our goals:

  • Provide corporate managers with visibility on the maturity and performance of their information system security
  • Protect IS applications and critical resources
  • Align troubleshooting actions with the reality of threats (fraud, viruses, DoS, etc.).

 

COMPLIANCE AUDITS

The aim of compliance audits is to provide a security assessment on the basis of private (the customer’s) or public (ISO 2700x, ISO 22301, ISO 20000, ISO 31000, MTCS 584, etc.) reference frameworks:

  1. Compliance audit of user and administrator passwords. Identification of users with non-compliant passwords.
  2. Analysis of the organization’s processes and reference frameworks for documents (ISSP, procedures, etc.).
  3. Emphasizing the strengths and weaknesses of the organization
  4. Focus on compliance (LSF, CNIL, LCEN, etc.)
  5. Overall audit of the IS with analysis of challenges and risks (organizational and/or technical vision).

 

ARCHITECTURE AUDITS

Architecture audits aim at establishing a technical diagnosis of an infrastructure’s security level by conducting a detailed review of the configuration of various components:

  • Evaluation of the security level of applications and critical resources (ERP, messaging system, directory, etc.).
  • Assessment of the resistance of web servers, Internet access points, architectural partitioning, ToIP infrastructure, etc.
  • Architecture design audit

 

DEVELOPMENT SECURITY AUDITS

As application vulnerabilities currently represent the main source of flaws, securing applications’ source code is an essential step in protecting against increasingly sophisticated attacks.

The objective is to identify and analyze, from a security perspective for a specific application, the weaknesses of the source code and the development techniques implemented for security purposes.

Code review: list the technical vulnerabilities of the source code and establish best practices to correct them. Using tools for static code analysis, the aim is to uncover technical vulnerabilities such as SQL injections or Cross-Site Scripting.

Security code auditing: ensure that technical specifications have been implemented in line with the current state of the art and identify application vulnerabilities that may be exploited. Our expert teams verify the presence of all vulnerability categories, including:

  • Malicious code: backdoors, logic bombs
  • Technical vulnerabilities: SQL injection, XSS, XXE, CSRF
  • Authentication and authorization management
  • Traceability
  • Error management
