IT system security reviews
It’s vital to regularly check our IT systems for weak spots to make sure they can’t be exploited by cyber threats.
Security reviews help us improve our system management, help us pinpoint vulnerabilities and find solutions. Ultimately, they help us keep data safe and prevent unauthorised access.
We can arrange a thorough security review of any work-related IT system or software, developed internally or managed on-site. Reviews are carried out by our trusted security experts.
Key features
- Expert advice: you’ll get guidance from experts on how to protect your systems and keep them safe.
- Penetration (pen) testing: simulated attacks uncover vulnerabilities across a wide range of scenarios.
- Code reviews: if you have software, the code will be checked in detail to find potential weaknesses.
Types of reviews available
Our external partners offer a range of penetration testing and security reviews against industry best practices. Reviews can be requested individually or as a combination.
Infrastructure
- External testing:
Checks for vulnerabilities in your publicly accessible systems. - Internal testing:
Examines your internal network for weaknesses.
Configuration
- Cloud configuration review:
Checks that your cloud setup meets NCSC cloud principles (ncsc.gov.uk) and industry best practices. - Device/host review:
Checks that your system setups comply with security guidelines from CIS (cisecurity.org), NCSC (ncsc.gov.uk) and the vendor.
Application security
- Web application testing:
Checks for security problems in web applications, using the Open Worldwide Application Security Project (OWASP) Top 10 and business logic vulnerabilities (owasp.org). - Web services/API testing:
Examines the security of your APIs using OWASP, such as the Web Security Testing Guide (WSTG) (owasp.org). - Mobile application testing:
Identifies security issues in mobile apps.
Wireless security
- Wireless assessments:
Reviews your wireless network for security risks.