Audit & Testing

Dognædis offers a wide range of professional auditing services to suit your requirements. An audit can be compliance driven or tailored to your reality, and ranges from infrastructure auditing to processes and procedures, including software security audits.



Penetration Testing

Penetration testing (pentest) is a type of information security auditing that adopts the perspective of a potential attacker as its mode of operation. Such tests make it possible to perform an objective assessment of the potential vulnerabilities and existing attack vectors, thereby identifying what can be accessed, stolen or damaged in a real attack. The observations collected from a pentest are a mandatory requirement for the development of internal procedures to prevent and/or mitigate potential vulnerabilities. These observations are also a required source of information for a sound risk analysis, since the infrastructure profile gathered represents actual risks amenable to quantification. Therefore, the major goals of a pentest are:

  • Testing and validating the current technological infrastructure in order to assess the potential impact of an outsider attack.

  • Analyzing the data gathered in order to improve, modify or create information security policies and/or information security solutions that protect the organization's critical data.

  • Creating procedures for gathering risk, security and resiliency metrics that are continuously monitored, both at the most detailed technical level and at the level of a synthesized executive report intelligible to upper management.

Dognædis Pentest services cover a wide range of scopes, from regular IT and Cloud infrastructures to less common operating systems such as AIX, z/OS, Solaris and the BSDs, as well as other types of infrastructure such as OT, IoT, SCADA, different radio networks or the low-level software of different electronic components.

Application Penetration Testing

The primary objective of an application penetration test is to identify exploitable vulnerabilities in applications before attackers are able to discover and exploit them. Application penetration testing reveals real-world opportunities for attackers to compromise applications in a way that allows unauthorized access to sensitive data or even the takeover of systems for malicious/non-business purposes.

This type of testing helps to identify application security flaws present in the environment and gives a better understanding of the risk level of your application, allowing the programming team to address and fix any identified application flaws.

Mobile Application Penetration Testing

With the growing popularity of mobile devices such as smartphones and tablets, as well as an immense growth in the number of applications for such platforms, the potential for new daily threats is a constant. To verify your mobile application's security level, we can test it in order to prevent and minimize the risk of an attack that uses mobile technologies on platforms like Android, iOS (iPad/iPhone) or Windows Phone.




Vulnerability Assessment

Vulnerability assessment evaluates the risks involved in an infrastructure in order to reduce the probability of an unwanted/malicious event. It consists of a deeper analysis of the technical and technological vulnerabilities in a specific infrastructure specification and provides risk evaluations. This analysis can range from standard automated procedures to a custom, detailed manual assessment of the client's organization, in order to evaluate the security level of the system.


Infrastructures Security Audit

A set of standardized procedures and methodologies that provide an overall perspective of the target infrastructure, allowing a comprehensive understanding of its information security issues. From this analysis a set of security indicators is gathered, including risk-awareness and resilience metrics. This analysis includes, but is not limited to:

  • V&V (verification and validation) of security policies;

  • V&V of physical communication infrastructures;

  • V&V of systems security, including vulnerability identification;

  • V&V of established protection mechanisms;

  • V&V of the staff's susceptibility to spam.

 

After this analysis, it is possible to:

  • Identify actual threats to the organization's infrastructure and the associated risk level.

  • Provide support to define and disseminate security policies that support, not hinder, the business goals.

  • Define policies that prevent expensive recovery costs by mitigating the impact of potential security breaches, both from internal and external sources.

  • Implement customized technologies to support those policies (not the opposite), maximizing reuse of the current infrastructure, therefore leveraging previous investments.

  • Maximize new investments to ensure business continuity, not technology for its own sake.

DDoS Testing

Stress testing of the infrastructure that mimics real-case scenarios in order to test your external defences, covering volumetric, protocol and application-layer attacks.

Software Security Fuzzing

Procedures for injecting random data into software interfaces to detect security issues, inconsistencies and lack of robustness in developed applications. They are designed to ensure the highest security levels in a software application.
