Infrastructure Security Assessment services aim to offer our customers accurate knowledge of their level of security and provide effective solutions to any weaknesses found in their systems. Included in this category are traditional services such as ethical hacking, vulnerability analysis in different technological environments (Wireless, VoIP, Critical Infrastructures - SCADA), and technical review of compliance with IT policies.
- External Penetration Testing
- Internal Penetration Testing
- Wireless Security Assessments
- Operational Technology (SCADA) Penetration testing
- Smart Grid Penetration Testing
- Interactive Voice Response (IVR) System and VOIP security testing
- Network and System Infrastructure Configuration Reviews
- Virtual Desktop Infrastructure and Citrix Security Testing
Application Security Solutions area focuses on the security issues associated with web, thick and mobile application development. Poor application design, configuration and implementation continues to be a large proportion of security breaches for organisations. For this, we have highly skilled professionals in the review of application security, source code and of application architectures.
- Web Application and Web Services Testing
- Dynamic Application Security Testing (DAST) – Managed Service
- Thick Application Testing
- Mobile Application and Device Testing
- Automated and Manual Source Code Review
- Mainframe Infrastructure and Application Testing
- Testing of ATM’s, ATM Switches, Cheque Processing Machines and POS Device Testing
- Kiosk Testing
Red Team services assess your defence-in-depth security controls; they can range from targeted social engineering campaigns to simulated APT attacks. This service is designed to target organisations by luring or manipulating personnel into providing sensitive information, subverting technical access controls to your network or gaining unauthorised physical access to your facilities. EY performs these assessments from a variety of attack vectors such as phishing scenarios, USB drops, specially-crafted malware, physical intrusion; all of which are combined with traditional penetration testing techniques. The aim is to compromise your network without the limitations of a traditional fixed scope.
Security Training: We provide a variety of tailored security training classes that allow organisations to quickly, efficiently and methodically train their security staff and developers to identify vulnerabilities within their information systems. Our Secure coding classes are designed to provide developers with the knowledge necessary to develop and maintain secure applications.
In addition, we also provide Social Engineering and Physical Security Assessments for clients that require a comprehensive security posture assessment encompassing non technology assets such as people, processes and organization.
Our network of ASCs has extensive global and local experience in assisting our clients with managing large scale security testing programs. We have successfully applied a risk based approach to create, perform and deliver on these types of large programs such as audit mandated BAU (Business As Usual) testing, platform upgrades and major releases of high risk and high volume projects across varied clients and industries.