JUMPSEC offer a comprehensive range of testing and assurance services that will provide you with a measurement of risk exposure and advice on how to best secure your assets.
Internal and external Penetration Testing can be conducted from a Black, White, or Gray Box perspective.
- Test the security of your technology
- Test the security awareness of your people
- Test the strength of your processes
- Identify and address the weaknesses and exposures in your business
Services backed by robust methodologies drawn from OSSTMM and CREST.
We help secure your apps and ensure they are trustworthy. Decompilation of the installed app allows our technical team to perform in-depth application analysis, looking for security bugs in the source code and the application itself.
- Mobile app and server-side testing
- Misconfiguration and finding sensitive information
- Access permissions, injections and error messages
Testing consists of discovering the vulnerabilities within and the likely threats to both your Website and Applications. It can be quite alarming to be told you’re vulnerable, so we are equally adept at helping our clients find and implement solutions that mitigate or reduce the risk of compromise.
- Web application security assessment
- Application threat modelling
- Automated and manual code analysis
- Web server configuration assessment
Advanced simulated attacks (ASA) allow for thorough, in-depth testing that could not otherwise be done on a production network given the risk of downtime. We simulate various high-level real-world attacks with or without specific goals in mind.
- Exercise the latest security vulnerabilities and utilise different attack vectors
- Notes detailing what was done and how to defend against it in the future
- Hardening and tuning your defensive systems for optimum security
We take social engineering testing seriously. We perform multi-pronged attacks using telephone pretexting, vishing, phishing and browser-based exploitation attacks. Here are some of the most common goals:
- Obtain access to premises and steal equipment
- Collect information, plant rogue devices
- Social engineer employees for information
Responding quickly is key to any security breach. We provide incident handling and management services and track the threats down one by one. We strive to act quickly and minimise the duration of impact.
- Pinpointing source of breach
- Device isolation and network tapping
- Forensic analysis of logs
Regular re-testing of your network infrastructure is an important step in identifying compromises to your IT systems. It can also help to identify advanced persistent threats or other malware attacks. Recommended for any organisation with public-facing servers and interactive websites, or where quarterly PCI ASV scans are mandated.
- Quarterly, monthly and on demand scanning arrangements
- Pinpoint your most vulnerable IPs
- Maintain PCI compliance
Your network infrastructure transports the lifeblood of your organisation: information. We will assess your organisation’s core, distribution and access level network infrastructure to identify areas of the network that expose key components to the myriad of threats out there.
- We can evaluate IDS/IPS and other alerting or control mechanisms.
- Firewall and network topography reviews
- Network segmentation analysis and data flow analysis
- VPN Evaluation
We help identify where the architecture of your network can be more effective and provide workable advice to improve.
At JUMPSEC, we recognise that consultancy services aren’t just about Ethical Hacking; the sometimes complex relationships between threats and vulnerabilities that together represent a business risk must all be quantified. Our experience and expertise can guide organisations and provide strategic insight around the complex issues of governance, compliance & legislation and all aspects of a security transformation project.
JUMPSEC offer the very best in group security training workshops. We can offer our own course syllabuses, or tailor a bespoke course to your requirements. A sample of the courses we run:
- Security awareness
- Introduction to penetration testing, tools and techniques
- A guide to the management and procurement of penetration testing services
- Mobile application hacking
- Secure Development Life Cycle and Secure coding practices
We are more than happy to discuss any specific requirements you may have.